| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Ted Toth <txtoth(at)gmail(dot)com> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: RLS policy issue |
| Date: | 2015-05-21 22:34:53 |
| Message-ID: | 20150521223453.GB26667@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Ted,
* Ted Toth (txtoth(at)gmail(dot)com) wrote:
> I'd also expect that the "rewrite" would have added the POLICY SELECT
> USING clause to the query but I don't see any indication of that in
> the details that follow:
Just running 'explain' should show the policy.
Are you running this as the owner of the table or as a superuser? As
noted in the documentation, the owner (who controls the policies
on the table anyway) and the superuser (who can bypass all
authorization) do not have the RLS policies applied unless the
'row_security' GUC is set to 'force', like so:
SET row_security = force;
By the way, you might be interested in the test_rls_hooks module which I
wrote and committed recently under src/test/modules. That's the
approach which I was thinking about using with sepgsql to provide policy
enforcement, but using regular policies should also work.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ian Barwick | 2015-05-22 00:06:55 | Re: Enum in foreign table: error and correct way to handle. |
| Previous Message | Ted Toth | 2015-05-21 22:25:31 | RLS policy issue |