Adjust behavior of row_security GUC to match the docs.
Some time back we agreed that row_security=off should not be a way to
bypass RLS entirely, but only a way to get an error if it was being
applied. However, the code failed to act that way for table owners.
Per discussion, this is a must-fix bug for 9.5.0.
Adjust the logic in rls.c to behave as expected; also, modify the
error message to be more consistent with the new interpretation.
The regression tests need minor corrections as well. Also update
the comments about row_security in ddl.sgml to be correct. (The
official description of the GUC in config.sgml is already correct.)
I failed to resist the temptation to do some other very minor
cleanup as well, such as getting rid of a duplicate extern declaration.
Branch
------
master
Details
-------
http://git.postgresql.org/pg/commitdiff/5d35438273c4523a4dc4b48c3bd575e64310d3d4
Modified Files
--------------
doc/src/sgml/ddl.sgml | 34 ++++++++++------
src/backend/utils/misc/rls.c | 50 ++++++++++++-----------
src/test/regress/expected/rowsecurity.out | 61 ++++++++++-------------------
src/test/regress/sql/rowsecurity.sql | 25 +++++-------
4 files changed, 78 insertions(+), 92 deletions(-)
