The enable_row_security setting

When the ENABLE_ROW_SECURITY setting is true:
  • ROW SECURITY tables can be created, accessed, and dropped.
  • The security model (level, category, cohort) can be created and managed.
  • The security label and audit attributes of users are calculated and enforced.
When the setting is false, the following happens:
  • All users get the security label ‘PUBLIC::’ and no audit category. The administrator gets ‘OMNI:OMNI:OMNI’.
  • ROW SECURITY tables cannot be created, accessed, or dropped with the following exceptions:
    • The nzbackup command continues to function to allow the row secure tables to be backed up.
    • Creation of compressed external tables from row secure tables is permitted to allow nzbackup to function properly.
    • SELECT of row secure tables continues to operate and enforces security. However, since all users have the lowest access label, any sensitive labeled data is not visible.