Tom Lane wrote: > Stephen Frost <sfr...@snowman.net> writes: > > On Sunday, January 3, 2016, Tom Lane <t...@sss.pgh.pa.us> wrote: > >> The fine manual says that when row_security is set to off, "queries fail > >> which would otherwise apply at least one policy". However, a look at > >> check_enable_rls() says that that is a true statement only when the user > >> is not table owner. If the user *is* table owner, turning off > >> row_security seems to amount to just silently disabling RLS, even for > >> tables with FORCE ROW LEVEL SECURITY. > >> > >> I am not sure if this is a documentation bug or a code bug, but it > >> sure looks to be one or the other. > > > The original reason for changing how row_security works was to avoid a > > change in behavior based on a GUC changing. As such, I'm thinking that has > > to be a code bug, as otherwise it would be a behavior change due to a GUC > > being changed in the FORCE RLS case for table owners. > > Well, I tried changing the code to act the way I gather it should, and > it breaks a whole bunch of regression test cases. See attached.
I think this means we need to postpone 9.5.0 for a week. -- Álvaro Herrera http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers