JD,
* Joshua D. Drake (jd@commandprompt.com) wrote:
> On 02/09/2016 12:28 PM, Stephen Frost wrote:
> >* Joshua D. Drake (jd@commandprompt.com) wrote:
> >>pg_dump -U $non-super_user
> >>
> >>Should just work, period.
> >
> >That ship has sailed already, where you're running a pg_dump against
> >objects you don't own and which have RLS enabled on them.
>
> Just to be clear, what I was suggesting is that pg_dump would just
> work (and RLS would properly execute) or in other words, I shouldn't
> have to tell pg_dump to enable row security else throw an error. If
> RLS is enabled, then the backup just runs with appropriate
> permissions.
>
> Or am I missing something?
You do have to tell pg_dump to enable RLS if you want it to be enabled
when performing a pg_dump. There's multiple reasons for this, the first
being that, otherwise, you might get an incomplete dump, and secondly,
you might execute a function that some untrusted user wrote and included
in their RLS policy. We want to avoid both of those, unless you've
specifically asked for it to be done. That's why row_security is set to
'off' by pg_dump by default.
Thanks!
Stephen