Re: row_security GUC, BYPASSRLS

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Joe Conway <mail(at)joeconway(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: row_security GUC, BYPASSRLS
Date: 2015-09-15 17:53:04
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Joe Conway <mail(at)joeconway(dot)com> writes:
> On 09/15/2015 10:58 AM, Robert Haas wrote:
>> I can't argue with that, I suppose, but I think row_security=force is
>> a pretty useful convenience. If we must remove it, so be it, but I'd
>> be a little sad.

> There are use cases where row_security=force will be set in production
> environments, not only in testing.

What cases, exactly, and is there another way to solve those problems?
I concur with Noah's feeling that allowing security behavior to depend on
a GUC is risky.

regards, tom lane

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Joe Conway 2015-09-15 18:26:29 Re: row_security GUC, BYPASSRLS
Previous Message Fabien COELHO 2015-09-15 17:30:10 Re: extend pgbench expressions with functions