Re: [HACKERS] FORCE ROW LEVEL SECURITY

2015-11-05 Thread Robert Haas
On Wed, Nov 4, 2015 at 2:39 PM, Stephen Frost wrote: > In this case, you ran it as superuser which automatically has the > 'BYPASSRLS' privilege, which means that RLS is bypassed always. > > The change to how BYPASSRLS works was discussed with and ultimately > implemented by

Re: [HACKERS] FORCE ROW LEVEL SECURITY

2015-11-04 Thread Robert Haas
On Wed, Nov 4, 2015 at 1:48 PM, Stephen Frost wrote: > * Robert Haas (robertmh...@gmail.com) wrote: >> FORCE ROW LEVEL SECURITY doesn't behave as I would expect. >> >> rhaas=# create policy hideit on foo1 using (a < 3); >> CREATE POLICY >> rhaas=# explain select * from foo1;

Re: [HACKERS] FORCE ROW LEVEL SECURITY

2015-11-04 Thread Stephen Frost
Robert, * Robert Haas (robertmh...@gmail.com) wrote: > On Wed, Nov 4, 2015 at 1:48 PM, Stephen Frost wrote: > > * Robert Haas (robertmh...@gmail.com) wrote: > >> FORCE ROW LEVEL SECURITY doesn't behave as I would expect. > >> > >> rhaas=# create policy hideit on foo1 using (a

Re: [HACKERS] FORCE ROW LEVEL SECURITY

2015-11-04 Thread Stephen Frost
Robert, * Robert Haas (robertmh...@gmail.com) wrote: > FORCE ROW LEVEL SECURITY doesn't behave as I would expect. > > rhaas=# create policy hideit on foo1 using (a < 3); > CREATE POLICY > rhaas=# explain select * from foo1; >QUERY PLAN >

Re: [HACKERS] FORCE ROW LEVEL SECURITY

2015-11-04 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > FORCE ROW LEVEL SECURITY doesn't behave as I would expect. > > rhaas=# create policy hideit on foo1 using (a < 3); > CREATE POLICY > rhaas=# explain select * from foo1; >QUERY PLAN >