Re: CREATE POLICY bug ?

From: Dean Rasheed
Subject: Re: CREATE POLICY bug ?
Msg-id: CAEZATCWqKjzFZAkXOafAn+Mo5y3xZe_pCxzgUDrjwH=biZFD=A@mail.gmail.com
In reply to: Re: CREATE POLICY bug ?  (Dean Rasheed <dean.a.rasheed@gmail.com>)
List: pgsql-hackers
[Please reply to the list, not just to me, so that others can benefit
from and contribute to the discussion]

On 31 August 2016 at 11:52, Andrea Adami <fol@fulcro.net> wrote:
> Thanks Dean, I did further investigations:
> i set the owner of the view to: "manager@scuola247.it" with:
> ALTER TABLE public.policy_view OWNER TO "manager@scuola247.it";
> and I am thinking to see from the select:
> select * from policy_view
> the rows: 1,2,3
> then
> set role 'manager@scuola247.it';
> select * from policy_view;
> return rows 1,2,3 as expected but:
> set role 'teacher@scuola247.it';
> select * from policy_view;
> returns rows 4,5 and
> set role 'postgres'
> select * from policy_view
> returns nothing ...
> what are you thinking about?
>
> Andrea

That's correct. With the table owned by postgres and the view owned by
"manager@scuola247.it", access to the table via the view is subject to
the policies that apply to "manager@scuola247.it". So regardless of
who the current user is, when selecting from the view, the policy
"standard" will be applied, and that will limit the visible rows to
those for which usr = current_user.

Regards,
Dean
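
The behaviour described in the reply above, as an added example that is not part of the original message or of the PostgreSQL sources. The table name `policy_table`, its columns and its rows are assumptions; the roles, `policy_view` and the policy name `standard` come from the thread.

```sql
-- Constructed demo: table name, columns and rows are assumptions;
-- the roles, policy_view and the policy "standard" are named in the thread.
-- Run as the postgres superuser (PostgreSQL 9.5 or later).
CREATE ROLE "manager@scuola247.it";
CREATE ROLE "teacher@scuola247.it";

CREATE TABLE policy_table (id int PRIMARY KEY, usr name NOT NULL);
INSERT INTO policy_table VALUES
  (1, 'manager@scuola247.it'),
  (2, 'manager@scuola247.it'),
  (3, 'manager@scuola247.it'),
  (4, 'teacher@scuola247.it'),
  (5, 'teacher@scuola247.it');

ALTER TABLE policy_table ENABLE ROW LEVEL SECURITY;
CREATE POLICY standard ON policy_table FOR SELECT
  USING (usr = current_user);

-- The view owner needs SELECT on the table; callers only need SELECT on the view.
GRANT SELECT ON policy_table TO "manager@scuola247.it";
CREATE VIEW policy_view AS SELECT id, usr FROM policy_table;
ALTER VIEW policy_view OWNER TO "manager@scuola247.it";
GRANT SELECT ON policy_view TO "teacher@scuola247.it";

-- Table access through the view is checked as the view owner, so RLS applies
-- even to a superuser session; current_user in the policy is still the caller.
SET ROLE 'manager@scuola247.it';
SELECT id FROM policy_view ORDER BY id;
SET ROLE 'teacher@scuola247.it';
SELECT id FROM policy_view ORDER BY id;
RESET ROLE;  -- back to postgres: no row has usr = 'postgres'
SELECT id FROM policy_view ORDER BY id;

-- Contrast: querying the table directly as postgres bypasses RLS (owner/superuser).
SELECT id FROM policy_table ORDER BY id;
```

The three queries against the view correspond to the results reported in the thread: rows 1,2,3 for the manager, rows 4,5 for the teacher, and no rows for postgres.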


