Home > mailing lists

Re: RLS 9.5rc1 configuration changes? - Mailing list pgsql-general

From	Tom Lane
Subject	Re: RLS 9.5rc1 configuration changes?
Date	January 5, 2016 03:14:48
Msg-id	14724.1451952882@sss.pgh.pa.us Whole thread Raw
In response to	Re: RLS 9.5rc1 configuration changes? (Ted Toth <txtoth@gmail.com>)
List	pgsql-general

Tree view

Ted Toth <txtoth@gmail.com> writes:
> On Mon, Jan 4, 2016 at 4:54 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Are you perhaps testing this as a superuser?  Superusers bypass RLS
>> even with FORCE ROW LEVEL SECURITY.

> Yes I was a Superuser but without 'Bypass RLS'. So there's no way to
> enforce RLS for all users/roles?

There's no such thing as a "superuser without bypassrls", or a superuser
without any other privilege either.  That's the point of having superuser,
is that you can *always* defeat privilege restrictions if you have to.

I do not know if Crunchy's 9.4 mods broke that principle, but if so,
it was a bug IMO.

            regards, tom lane

pgsql-general by date:

From: Jim Nasby
Date: 05 January 2016, 02:22:13
Subject: Re: to_timestamp alternatives

From: Adrian Klaver
Date: 05 January 2016, 04:41:23
Subject: Re: Cannot upgrade from 9.3 to 9.4 using pg_upgrade

Re: RLS 9.5rc1 configuration changes? - Mailing list pgsql-general

Previous

Next