Hey Tom,

> Hm ... I'm not following why we'd need a special case for superusers and
> not anyone else?  Seems like any useful RLS scheme is going to require
> more privilege levels than just superuser and not-superuser.

As it stands right now, superuser is the only case where RLS policies
should not be applied/completely ignored.  I suppose it is possible to
create RLS policies that are related to other privilege levels, but those
would still need to be applied despite user id, excepting superuser.  I'll
defer to Stephen or Craig on the usefulness of this scheme.

Could we put the "if superuser then ok" test into the RLS condition test
> and thereby not need more than one plan at all?

As I understand it, the application of RLS policies occurs in the rewriter.
 Therefore, when switching back and forth between superuser and
not-superuser the query must be rewritten, which would ultimately result in
the need for a new plan correct?  If that is the case, then I am not sure
how one plan is possible.  However, again, I'll have to defer to Stephen or
Craig on this one.


Reply via email to