| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: row_security GUC, BYPASSRLS |
| Date: | 2015-09-15 16:23:49 |
| Message-ID: | 55F84615.2030303@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 09/15/2015 10:58 AM, Robert Haas wrote:
> I can't argue with that, I suppose, but I think row_security=force is
> a pretty useful convenience. If we must remove it, so be it, but I'd
> be a little sad.
There are use cases where row_security=force will be set in production
environments, not only in testing. I would be very strongly opposed to
removing the ability to force RLS from being applied to owners and
superusers, and in fact think we should figure out how to make changing
row_security, once it is set, more difficult.
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2015-09-15 16:28:38 | Re: row_security GUC, BYPASSRLS |
| Previous Message | Tom Lane | 2015-09-15 16:10:43 | Re: row_security GUC, BYPASSRLS |