On 11/12/2017 10:17 AM, Andrea Adami wrote:
> if I do:
>
> SET ROLE 'manage...@scuola-1.it'

[SELECT from table]

> I see only one row (as expected)
>
> but when I do:

[SELECT from VIEWs]

> I see all the rows, always
>
> this way I lose all the row level security I defined
>
> Is this either a bug or is it made by design?
> If it's made by design, why?
> Is there a way to write a view that respects the row level security?
> From my point of view it is nonsense to make a row level security that
> doesn't work with the view.

See:
https://www.postgresql.org/docs/10/static/sql-createview.html

In particular:

"Access to tables referenced in the view is determined by permissions of
the view owner."

And:
https://www.postgresql.org/docs/10/static/ddl-rowsecurity.html

"Superusers and roles with the BYPASSRLS attribute always bypass the row
security system when accessing a table. Table owners normally bypass row
security as well, though a table owner can choose to be subject to row
security with ALTER TABLE ... FORCE ROW LEVEL SECURITY."

HTH,

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
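Added example, not part of the original message: a scratch-database script that reproduces the behaviour described in the thread and then applies the FORCE ROW LEVEL SECURITY option quoted from the documentation. All role, table, view and policy names (app_owner, alice, bob, notes, notes_v, notes_owner) are hypothetical, and the script assumes it is run by a superuser.

```sql
-- Constructed demo; every name below is hypothetical. Run as a superuser
-- in a throwaway database.
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE alice NOLOGIN;
CREATE ROLE bob NOLOGIN;
GRANT USAGE, CREATE ON SCHEMA public TO app_owner;

-- app_owner owns both the table and the view, the usual layout when one
-- role creates the whole schema.
SET ROLE app_owner;
CREATE TABLE notes (
    id         int  PRIMARY KEY,
    owner_name text NOT NULL,
    body       text
);
INSERT INTO notes VALUES (1, 'alice', 'note for alice'),
                         (2, 'bob',   'note for bob');

ALTER TABLE notes ENABLE ROW LEVEL SECURITY;
-- No TO clause, so the policy applies to every role that is subject to RLS.
CREATE POLICY notes_owner ON notes
    USING (owner_name = current_user);

CREATE VIEW notes_v AS
    SELECT id, owner_name, body FROM notes;
GRANT SELECT ON notes, notes_v TO alice, bob;
RESET ROLE;

-- Before the fix.
SET ROLE alice;
-- Direct access: alice is subject to the policy on notes.
SELECT id, owner_name FROM notes;
-- Through the view: notes is read with the rights of the view owner.
-- app_owner also owns notes, and table owners bypass row security,
-- so the policy is not applied here.
SELECT id, owner_name FROM notes_v;
RESET ROLE;

-- Fix from the quoted documentation: make the table owner subject to
-- its own policies.
ALTER TABLE notes FORCE ROW LEVEL SECURITY;

SET ROLE alice;
-- The policy is now applied to access made as app_owner, and current_user
-- in the policy expression is still the role running the query (alice).
SELECT id, owner_name FROM notes_v;
RESET ROLE;
```

After FORCE ROW LEVEL SECURITY the owner's own maintenance queries on notes are filtered by the same policy, so administrative access needs a superuser or a role with BYPASSRLS.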