On Thu, Jun 29, 2017 at 02:25:11PM +0000, deinspanjer@gmail.com wrote: > The following documentation comment has been logged on the website: > > Page: https://www.postgresql.org/docs/9.6/static/ddl-rowsecurity.html > Description: > > The policy documentation page is great, and the example in it is very > informative, but I just discovered a major flaw in our implementation of it > that I would like to see mentioned in the documentation. > > If you create a view on a table, any queries against the view are in the > context of the view creator rather than the actual current user. > > So, in the example on the page, if the admin creates a view of the passwd > table and grants access to this view, alice would no longer be subject to > any of the RLS policies as long as she used the view instead of the real > table. > > -- > Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-docs
