FORCE ROW LEVEL SECURITY doesn't behave as I would expect. rhaas=# create policy hideit on foo1 using (a < 3); CREATE POLICY rhaas=# explain select * from foo1; QUERY PLAN --------------------------------------------------------- Seq Scan on foo1 (cost=0.00..22.70 rows=1270 width=36) (1 row) rhaas=# alter table foo force row level security; ALTER TABLE rhaas=# alter table foo1 enable row level security; ALTER TABLE rhaas=# explain select * from foo1; QUERY PLAN --------------------------------------------------------- Seq Scan on foo1 (cost=0.00..22.70 rows=1270 width=36) (1 row) rhaas=# create user bob; CREATE ROLE rhaas=# grant select on foo1 to bob; GRANT rhaas=# \c - bob You are now connected to database "rhaas" as user "bob". rhaas=> select * from foo1; a | b ---+--- (0 rows)
rhaas=> explain select * from foo1; QUERY PLAN -------------------------------------------------------- Seq Scan on foo1 (cost=0.00..25.88 rows=423 width=36) Filter: (a < 3) (2 rows) Isn't the whole purpose of FORCE ROW LEVEL SECURITY to cause RLS to be applied even for the table owner? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers