The enable_row_security setting
When the ENABLE_ROW_SECURITY setting is true:
- ROW SECURITY tables can be created, accessed, and dropped.
- The security model (level, category, cohort) can be created and managed.
- The security label and audit attributes of users are calculated and enforced.
When the setting is false, the following happens:
- All users get the security label ‘PUBLIC::’ and no audit category. The administrator gets ‘OMNI:OMNI:OMNI’.
- ROW SECURITY tables cannot be created, accessed, or dropped with
the following exceptions:
- The nzbackup command continues to function to allow the row secure tables to be backed up.
- Creation of compressed external tables from row secure tables is permitted to allow nzbackup to function properly.
- SELECT of row secure tables continues to operate and enforces security. However, since all users have the lowest access label, any sensitive labeled data is not visible.