On 02/09/2016 01:22 PM, Tom Lane wrote: > Maybe we need to restrict that somehow, or maybe some better solution > exists that we've not thought of yet. But in its current state, RLS > is at least as much a security hazard as it is a security aid. > I do not want to see it extended in ways that make pg_dump unsafe to > use.
Ok, I can see that. Maybe we should have a specific GRANT for CREATE POLICY which is distinct from the privilege to CREATE TABLE? Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
Description: OpenPGP digital signature