Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE

David G. Johnston <david.g.johnston@gmail.com>

From: "David G. Johnston" <david.g.johnston@gmail.com>
To: Steve Chavez <steve@supabase.io>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2026-01-27T18:02:34Z
Lists: pgsql-hackers
On Tuesday, January 27, 2026, Steve Chavez <steve@supabase.io> wrote:

> Hello hackers,
>
> Currently views are not secure by default since they bypass RLS.
> PostgreSQL 15 introduced the `WITH (security_invoker = true)` option for
> this but it's easy to miss on every new view created.
>
> It's also inconsistent with functions, which default to SECURITY INVOKER.
>

I’d be more inclined to change this incompatibility than try to affect
action at a distance with a database setting.  But suspect the status-quo
is likely to prevail.  Maybe we need a view of views that reference RLS
relations that aren’t security_invoker?  Add something to the docs?  If one
knows enough to enable a database setting they can institute different less
problematic solutions as well.  Maybe we provide an event trigger example.

David J.