| From: | Ted Toth <txtoth(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: RLS 9.5rc1 configuration changes? |
| Date: | 2016-01-04 23:09:29 |
| Message-ID: | CAFPpqQEn+3oQ4qQMD2BotB2snGAdxvZC7CNG8KAB4vwzWFwAHA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, Jan 4, 2016 at 4:54 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Ted Toth <txtoth(at)gmail(dot)com> writes:
>> I had been using CrunchyDatas 9.4 with backported RLS but I decided
>> since my ultimate target is 9.5 that I update to it. However now the
>> function called for the SELECT policy is not being called. \dt shows
>> the policy but EXPLAIN ANALYZE of a select doesn't show the filter.
>
> I'm not sure how Crunchy's 9.4 version behaves, but I'd expect the
> policy USING condition to be visible in EXPLAIN in 9.5.
>
> Are you perhaps testing this as a superuser? Superusers bypass RLS
> even with FORCE ROW LEVEL SECURITY.
Yes I was a Superuser but without 'Bypass RLS'. So there's no way to
enforce RLS for all users/roles?
>
>> ... The only
>> changes I made for 9.5 were to no longer set row_security to 'force'
>> in postgresql.conf
>
> What did you set it to instead?
row_security=on. Maybe 'force' did what I wanted in Crunchy's 9.4 version :(
>
> regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim Nasby | 2016-01-04 23:21:51 | Re: to_timestamp alternatives |
| Previous Message | Edson Richter | 2016-01-04 23:02:44 | Re: BDR and TX obeyance |