Skip to content

migra: WITH (security_invoker = true) omitted from VIEW definition #462

New issue
New issue
Open
Open
migra: WITH (security_invoker = true) omitted from VIEW definition#462
@fsv-michael

Description

@fsv-michael
fsv-michael
opened on Dec 9, 2025

This is an existing issue in python migra: djrobstep/migra#234

When using RLS, the security_invoker setting on a view can be critical, but migra omits it. This is exceptionally dangerous because, with default view ownership including BYPASSRLS permission, by default it causes me to leak sensitive data.

Given:
CREATE OR REPLACE my_view WITH ( security_invoker = TRUE ) AS ... against an empty db

Expected:
CREATE OR REPLACE my_view WITH ( security_invoker = TRUE ) AS ...

Actual
CREATE OR REPLACE my_view AS ...

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions