sql: support row_security session parameter

There is a client connection parameter called `row_security`. When set to 'off', any query will fail if at least one row-level security (RLS) policy applies. When set to 'on', which is the default, RLS policies will apply as usual.

This issue is opened to implement this behavior in CRDB, ensuring consistency with postgres.

Note, the connection parameter already exists, but is currently not implemented:
https://github.com/cockroachdb/cockroach/blob/6f67524f1e22a13fc1cd4f658c82369361e9d6c3/pkg/sql/vars.go#L1646-L1654

Jira issue: CRDB-46421

Epic CRDB-52152

	// See https://www.postgresql.org/docs/10/static/runtime-config-client.html#GUC-ROW-SECURITY
	// The default in pg is "on" but row security is not supported in CockroachDB.
	// We blindly accept both values because as long as there are now row security policies defined,
	// either value produces the same query results in PostgreSQL. That is, as long as CockroachDB
	// does not support row security, accepting either "on" and "off" but ignoring the result
	// is postgres-compatible.
	// If/when CockroachDB is extended to support row security, the default and allowed values
	// should be modified accordingly.
	`row_security`: makeCompatBoolVar(`row_security`, false, true /* anyAllowed */),

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

sql: support row_security session parameter #138916

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

sql: support row_security session parameter #138916

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions