Re: FORCE ROW LEVEL SECURITY

On Wed, Nov 4, 2015 at 1:48 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> FORCE ROW LEVEL SECURITY doesn't behave as I would expect.
>>
>> rhaas=# create policy hideit on foo1 using (a < 3);
>> CREATE POLICY
>> rhaas=# explain select * from foo1;
>> QUERY PLAN
>> ---------------------------------------------------------
>> Seq Scan on foo1 (cost=0.00..22.70 rows=1270 width=36)
>> (1 row)
>> rhaas=# alter table foo force row level security;
>> ALTER TABLE
>> rhaas=# alter table foo1 enable row level security;
>> ALTER TABLE
>
> Sorry if my prior wasn't clear, but above you do 'foo' and 'foo1'
> independently.
>
> Did you intend to alter table 'foo'?

Hmm. I've clearly done both, but it still doesn't work:

rhaas=# alter table foo1 enable row level security;
ALTER TABLE
rhaas=# alter table foo1 force row level security;
ALTER TABLE
rhaas=# \d foo1
Table "public.foo1"
Column | Type | Modifiers
--------+---------+-----------
a | integer | not null
b | text |
Policies (Forced Row Security Enabled):
POLICY "hideit" FOR ALL
USING ((a < 3))
Inherits: foo

rhaas=# explain select * from foo1;
QUERY PLAN
---------------------------------------------------------
Seq Scan on foo1 (cost=0.00..22.70 rows=1270 width=36)
(1 row)

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company