Re: A little RLS oversight?
From | Michael Paquier |
---|---|
Subject | Re: A little RLS oversight? |
Date | |
Msg-id | CAB7nPqS=EjZguRDLcrQAtTgbYTymYcpavKr_HZ-TSjZfxGog9g@mail.gmail.com |
In reply to | A little RLS oversight? (Yaroslav <ladayaroslav@yandex.ru>) |
Replies | Re: A little RLS oversight? |
List | pgsql-hackers |

On Sun, Jul 12, 2015 at 5:59 PM, Yaroslav wrote:
> I can still see all statistics for 'test' in pg_stats under unprivileged
> user.

Indeed, this looks like an oversight of RLS. Even if a policy is defined to prevent a user from seeing the rows of other users, it is still possible to get some information through this view. I am adding an open item regarding that for 9.5.

> I'd prefer statistics on RLS-enabled tables to be simply hidden completely
> for unprivileged users.

This looks like something simple enough to do.

@Stephen: perhaps you have some thoughts on the matter? Currently pg_stats breaks its promise to only show information about the rows the current user can read.

--
Michael
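
The behaviour discussed in this message can be checked on a given server with the psql script below. It is an added example, not part of the original email or of the PostgreSQL sources; the role `rls_probe`, the policy name, the columns and the rows are constructed, and it assumes a superuser session in a scratch database with no existing table named `test`.

```sql
-- Added example: constructed role, policy, columns and data.
-- Everything runs in one transaction and is rolled back at the end.
BEGIN;

CREATE ROLE rls_probe NOLOGIN;            -- hypothetical unprivileged role
CREATE TABLE test (usr text, secret text);
INSERT INTO test VALUES
    ('alice', 'alice-secret-1'),
    ('alice', 'alice-secret-2'),
    ('bob',   'bob-secret-1'),
    ('bob',   'bob-secret-2');

ALTER TABLE test ENABLE ROW LEVEL SECURITY;
CREATE POLICY own_rows ON test FOR SELECT USING (usr = current_user);
GRANT SELECT ON test TO rls_probe;

ANALYZE test;                             -- collect column statistics

SET LOCAL ROLE rls_probe;

-- The policy filters out every row for this role, so this returns 0.
SELECT count(*) AS visible_rows FROM test;

-- Statistics are computed from all rows, including those the role cannot
-- read. Any row returned here exposes values (most_common_vals,
-- histogram_bounds) that the policy is supposed to hide. A server that
-- hides statistics on RLS-enabled tables returns no rows.
SELECT attname, most_common_vals, histogram_bounds
FROM pg_stats
WHERE schemaname = current_schema()
  AND tablename = 'test';

RESET ROLE;
ROLLBACK;
```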