Re: RLS 9.5rc1 configuration changes?

On Mon, Jan 4, 2016 at 4:54 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Ted Toth <txtoth@gmail.com> writes:
>> I had been using CrunchyDatas 9.4 with backported RLS but I decided
>> since my ultimate target is 9.5 that I update to it. However now the
>> function called for the SELECT policy is not being called. \dt shows
>> the policy but EXPLAIN ANALYZE of a select doesn't show the filter.
>
> I'm not sure how Crunchy's 9.4 version behaves, but I'd expect the
> policy USING condition to be visible in EXPLAIN in 9.5.
>
> Are you perhaps testing this as a superuser?  Superusers bypass RLS
> even with FORCE ROW LEVEL SECURITY.

Yes I was a Superuser but without 'Bypass RLS'. So there's no way to
enforce RLS for all users/roles?

>
>> ... The only
>> changes I made for 9.5 were to no longer set row_security to 'force'
>> in postgresql.conf
>
> What did you set it to instead?

row_security=on. Maybe 'force' did what I wanted in Crunchy's 9.4 version :(

>
>                         regards, tom lane