-
Notifications
You must be signed in to change notification settings - Fork 14.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(rls): enable row level security by default #13772
Conversation
24e9ef9
to
3419020
Compare
Codecov Report
@@ Coverage Diff @@
## master #13772 +/- ##
==========================================
+ Coverage 75.91% 77.32% +1.40%
==========================================
Files 933 933
Lines 47185 47186 +1
Branches 5872 5872
==========================================
+ Hits 35821 36487 +666
+ Misses 11191 10557 -634
+ Partials 173 142 -31
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, evaluate if it makes sense to completely remove the switch
@@ -349,7 +349,7 @@ def _try_json_readsha( # pylint: disable=unused-argument | |||
# by that custom datasource access. So we are assuming a default security config, | |||
# a custom security config could potentially give access to setting filters on | |||
# tables that users do not have access to. | |||
"ROW_LEVEL_SECURITY": False, | |||
"ROW_LEVEL_SECURITY": True, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we could just remove this flag from the config, one less config key, and a bunch of if
's on the code
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll leave it for a short period just to make it easy for orgs running master to disable the feature in case we run into a nasty bug.
SUMMARY
This sets the RLS feature flag to be enabled by default, making RLS generally available.
TODO: add note in
UPDATING.md
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
TEST PLAN
ADDITIONAL INFORMATION