Robert Haas <robertmh...@gmail.com> writes:
> On Tue, Sep 15, 2015 at 1:00 AM, Noah Misch <n...@leadboat.com> wrote:
>> It also requires a DBA unwilling to
>> furnish test accounts to custodians of sensitive data. With or without
>> row_security=force, such a team is on the outer perimeter of the audience
>> able
>> to benefit from RLS. Nonetheless, I'd welcome a replacement test aid.
> I can't argue with that, I suppose, but I think row_security=force is
> a pretty useful convenience. If we must remove it, so be it, but I'd
> be a little sad.
Keep in mind that if you have an uncooperative DBA on your production
system, you can always test your policy to your heart's content on a
playpen installation. In fact, most people would consider that good
engineering practice anyway, rather than pushing untested code directly
into production.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
