| От | Stephen Frost |
|---|---|
| Тема | Re: RLS policy issue |
| Дата | |
| Msg-id | 20150521223453.GB26667@tamriel.snowman.net обсуждение |
| Ответ на | RLS policy issue (Ted Toth <txtoth@gmail.com>) |
| Список | pgsql-general |
Ted,
* Ted Toth (txtoth@gmail.com) wrote:
> I'd also expect that the "rewrite" would have added the POLICY SELECT
> USING clause to the query but I don't see any indication of that in
> the details that follow:
Just running 'explain' should show the policy.
Are you running this as the owner of the table or as a superuser? As
noted in the documentation, the owner (who controls the policies
on the table anyway) and the superuser (who can bypass all
authorization) do not have the RLS policies applied unless the
'row_security' GUC is set to 'force', like so:
SET row_security = force;
By the way, you might be interested in the test_rls_hooks module which I
wrote and committed recently under src/test/modules. That's the
approach which I was thinking about using with sepgsql to provide policy
enforcement, but using regular policies should also work.
Thanks!
Stephen
В списке pgsql-general по дате отправления:
Сайт использует файлы cookie для корректной работы и повышения удобства. Нажимая кнопку «Принять» или продолжая пользоваться сайтом, вы соглашаетесь на их использование в соответствии с Политикой в отношении обработки cookie ООО «ППГ», в том числе на передачу данных из файлов cookie сторонним статистическим и рекламным службам. Вы можете управлять настройками cookie через параметры вашего браузера