The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/9.6/static/ddl-rowsecurity.html Description:
The policy documentation page is great, and the example in it is very informative, but I just discovered a major flaw in our implementation of it that I would like to see mentioned in the documentation. If you create a view on a table, any queries against the view are in the context of the view creator rather than the actual current user. So, in the example on the page, if the admin creates a view of the passwd table and grants access to this view, alice would no longer be subject to any of the RLS policies as long as she used the view instead of the real table. -- Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
