undefined | Better HN

0 pointsSpivak3y ago0 comments

This pretty much mirrors stored procedures though which have the option of running as the definer or the invoker. Breaking this with “when RLS is enabled stored procedures and views set to run with the permissions of the definer intersect with the RLS policy of the invoker” is crazy weird.

Maybe it would actually be good behavior but it would super super unintuitive.

0 comments

alberth3y ago

Isn’t it also super unintuitive that developers will have to manage partitioning customer data at the Application Layer even though they think they are using a Data Layer security policy.

When RLS is enabled, their should never be a situation where Customer A might be able to gain access to Customer B data. That’s literally the entire objective of the feature.

This is giving people a false sense of security, and for multi-tenant applications has massive consequences since this will leak data.

mixmastamyk3y ago

Assuming correct, it's an absolutely horrible default that needs to be changed.

Imagine if the default Unix permission was to set files with setuid.

j / k navigate · click thread line to collapse