Hi. I've tried RLS for a little (in PostgreSQL 9.5alpha1), and want to ask why this wasn't taken in account in its implementation:
"Rather than look at pg_statistic directly, it's better to look at its view pg_stats when examining the statistics manually. pg_stats is designed to be more easily readable. Furthermore, pg_stats is readable by all, whereas pg_statistic is only readable by a superuser. (This prevents unprivileged users from learning something about the contents of other people's tables from the statistics. The pg_stats view is restricted to show only rows about tables that the current user can read.)" i.e. after: ALTER TABLE test ENABLE ROW LEVEL SECURITY; I can still see all statistics for 'test' in pg_stats under unprivileged user. I'd prefer statistics on RLS-enabled tables to be simply hidden completely for unprivileged users. ----- WBR, Yaroslav Schekin. -- View this message in context: http://postgresql.nabble.com/A-little-RLS-oversight-tp5857659.html Sent from the PostgreSQL - hackers mailing list archive at Nabble.com. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
