[HACKERS] row_security GUC does not behave as documented

2016-01-03 Thread Tom Lane
The fine manual says that when row_security is set to off, "queries fail which would otherwise apply at least one policy". However, a look at check_enable_rls() says that that is a true statement only when the user is not table owner. If the user *is* table owner, turning off row_security seems

Re: [HACKERS] row_security GUC does not behave as documented

2016-01-03 Thread Alvaro Herrera
Tom Lane wrote: > Stephen Frost writes: > > On Sunday, January 3, 2016, Tom Lane wrote: > >> The fine manual says that when row_security is set to off, "queries fail > >> which would otherwise apply at least one policy". However, a look at > >>

Re: [HACKERS] row_security GUC does not behave as documented

2016-01-03 Thread Stephen Frost
* Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > On Sunday, January 3, 2016, Tom Lane wrote: > >> The fine manual says that when row_security is set to off, "queries fail > >> which would otherwise apply at least one policy". However, a

Re: [HACKERS] row_security GUC does not behave as documented

2016-01-03 Thread Tom Lane
Alvaro Herrera writes: > Tom Lane wrote: >> Well, I tried changing the code to act the way I gather it should, and >> it breaks a whole bunch of regression test cases. See attached. > I think this means we need to postpone 9.5.0 for a week. I think the regression

Re: [HACKERS] row_security GUC does not behave as documented

2016-01-03 Thread Stephen Frost
Tom, On Sunday, January 3, 2016, Tom Lane wrote: > The fine manual says that when row_security is set to off, "queries fail > which would otherwise apply at least one policy". However, a look at > check_enable_rls() says that that is a true statement only when the user > is

Re: [HACKERS] row_security GUC does not behave as documented

2016-01-03 Thread Tom Lane
Stephen Frost writes: > On Sunday, January 3, 2016, Tom Lane wrote: >> The fine manual says that when row_security is set to off, "queries fail >> which would otherwise apply at least one policy". However, a look at >> check_enable_rls() says that that is

Re: [HACKERS] row_security GUC does not behave as documented

2016-01-03 Thread Stephen Frost
* Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > As we don't want to end up with the same behavior-change-due-to-GUC that > > we had with the original row_security implementation, we should change > > the code as your patch does and update the regression

Re: [HACKERS] row_security GUC does not behave as documented

2016-01-03 Thread Tom Lane
Stephen Frost writes: > As we don't want to end up with the same behavior-change-due-to-GUC that > we had with the original row_security implementation, we should change > the code as your patch does and update the regression tests accordingly. I think probably the tests need