Ted Toth <txtoth@gmail.com> writes:
> On Mon, Jan 4, 2016 at 4:54 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Are you perhaps testing this as a superuser? Superusers bypass RLS
>> even with FORCE ROW LEVEL SECURITY.
> Yes I was a Superuser but without 'Bypass RLS'. So there's no way to
> enforce RLS for all users/roles?
There's no such thing as a "superuser without bypassrls", or a superuser
without any other privilege either. That's the point of having superuser,
is that you can *always* defeat privilege restrictions if you have to.
I do not know if Crunchy's 9.4 mods broke that principle, but if so,
it was a bug IMO.
regards, tom lane