Re: RLS Design

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Yeb Havinga <yeb(dot)havinga(at)portavita(dot)nl>
Subject: Re: RLS Design
Date: 2014-07-02 15:49:34
Message-ID: 20140702154934.GJ16422@tamriel.snowman.net
Lists: pgsql-hackers

* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> On Wed, Jul 2, 2014 at 11:42 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> >> > What if policies exist and they decide to
> >> > 'turn off' RLS for the table- suddenly everyone can see all the rows?
> >>
> >> That'd be my vote. Sorta like disabling triggers.
> >
> > Hmm. Ok- how would you feel about at least spitting out a WARNING if
> > there are still policies on the table in that case..? Just makes me a
> > bit nervous to have a case where policies can be defined on a table but
> > are not actually being enforced..
>
> Sounds like nanny-ism to me.

Alright, fair enough. Clearly, the individual changing the RLS on the
table will have to have appropriate rights to do so.

Thanks,

Stephen
