Dynamic Masking not working
Hi,
I am trying to get this example to work: https://postgresql-anonymizer.readthedocs.io/en/stable/dynamic_masking/
Even after logging in with user skynet, I still only see unmasked data.
I've tried restarting the docker container, dropping and installing the extension, among various other things.
On querying pg_seclabels, I can see that the security labels are present but I am still seeing unmasked data.
objoid | classoid | objsubid | objtype | objnamespace | objname | provider | label
--------+----------+----------+----------+--------------+----------------------------------------------------------------------+----------+---------------------------------------------------------
33311 | 1259 | 3 | column | 2200 | people.lastname | anon | MASKED WITH FUNCTION anon.dummy_last_name()
33311 | 1259 | 4 | column | 2200 | people.phone | anon | MASKED WITH FUNCTION anon.partial(phone,2,$$******$$,2)
1299 | 1255 | 0 | function | 11 | now() | anon | TRUSTED
1317 | 1255 | 0 | function | 11 | length(text) | anon | TRUSTED
1598 | 1255 | 0 | function | 11 | random() | anon | TRUSTED
1622 | 1255 | 0 | function | 11 | repeat(text, integer) | anon | TRUSTED
870 | 1255 | 0 | function | 11 | lower(text) | anon | TRUSTED
871 | 1255 | 0 | function | 11 | upper(text) | anon | TRUSTED
881 | 1255 | 0 | function | 11 | ltrim(text) | anon | TRUSTED
882 | 1255 | 0 | function | 11 | rtrim(text) | anon | TRUSTED
883 | 1255 | 0 | function | 11 | substr(text, integer) | anon | TRUSTED
885 | 1255 | 0 | function | 11 | btrim(text) | anon | TRUSTED
2087 | 1255 | 0 | function | 11 | replace(text, text, text) | anon | TRUSTED
2284 | 1255 | 0 | function | 11 | regexp_replace(text, text, text) | anon | TRUSTED
2285 | 1255 | 0 | function | 11 | regexp_replace(text, text, text, text) | anon | TRUSTED
1777 | 1255 | 0 | function | 11 | to_number(text, text) | anon | TRUSTED
1778 | 1255 | 0 | function | 11 | to_timestamp(text, text) | anon | TRUSTED
1780 | 1255 | 0 | function | 11 | to_date(text, text) | anon | TRUSTED
3058 | 1255 | 0 | function | 11 | concat(VARIADIC "any") | anon | TRUSTED
3060 | 1255 | 0 | function | 11 | "left"(text, integer) | anon | TRUSTED
3061 | 1255 | 0 | function | 11 | "right"(text, integer) | anon | TRUSTED
2020 | 1255 | 0 | function | 11 | date_trunc(text, timestamp without time zone) | anon | TRUSTED
2021 | 1255 | 0 | function | 11 | date_part(text, timestamp without time zone) | anon | TRUSTED
2049 | 1255 | 0 | function | 11 | to_char(timestamp without time zone, text) | anon | TRUSTED
2058 | 1255 | 0 | function | 11 | age(timestamp without time zone, timestamp without time zone) | anon | TRUSTED
2311 | 1255 | 0 | function | 11 | md5(text) | anon | TRUSTED
3153 | 1255 | 0 | function | 11 | array_to_json(anyarray) | anon | TRUSTED
3155 | 1255 | 0 | function | 11 | row_to_json(record) | anon | TRUSTED
3199 | 1255 | 0 | function | 11 | json_build_array() | anon | TRUSTED
3201 | 1255 | 0 | function | 11 | json_build_object() | anon | TRUSTED
3202 | 1255 | 0 | function | 11 | "json_object"(text[]) | anon | TRUSTED
3176 | 1255 | 0 | function | 11 | to_json(anyelement) | anon | TRUSTED
3263 | 1255 | 0 | function | 11 | jsonb_object(text[]) | anon | TRUSTED
3787 | 1255 | 0 | function | 11 | to_jsonb(anyelement) | anon | TRUSTED
3272 | 1255 | 0 | function | 11 | jsonb_build_array() | anon | TRUSTED
3274 | 1255 | 0 | function | 11 | jsonb_build_object() | anon | TRUSTED
3846 | 1255 | 0 | function | 11 | make_date(year integer, month integer, day integer) | anon | TRUSTED
3847 | 1255 | 0 | function | 11 | make_time(hour integer, min integer, sec double precision) | anon | TRUSTED
32824 | 1255 | 0 | function | 32769 | anon.anonymize_table(tablename text) | anon | UNTRUSTED
32900 | 1255 | 0 | function | 32769 | anon.anonymize_column(tablename text, colname name) | anon | UNTRUSTED
32915 | 1255 | 0 | function | 32769 | anon.masking_expressions_for_table(r oid, p text) | anon | UNTRUSTED
32918 | 1255 | 0 | function | 32769 | anon.masking_value_for_column(r oid, c integer, p text) | anon | UNTRUSTED
32940 | 1255 | 0 | function | 32769 | anon.hasmask(role regrole, masking_policy text DEFAULT 'anon'::text) | anon | UNTRUSTED
32945 | 1255 | 0 | function | 32769 | anon.mask_columns(source_relid oid) | anon | UNTRUSTED
32946 | 1255 | 0 | function | 32769 | anon.mask_filters(relid oid) | anon | UNTRUSTED
32947 | 1255 | 0 | function | 32769 | anon.mask_select(relid oid) | anon | UNTRUSTED
32948 | 1255 | 0 | function | 32769 | anon.mask_create_view(relid oid) | anon | UNTRUSTED
32949 | 1255 | 0 | function | 32769 | anon.mask_drop_view(relid oid) | anon | UNTRUSTED
32950 | 1255 | 0 | function | 32769 | anon.start_dynamic_masking(autoload boolean DEFAULT true) | anon | UNTRUSTED
32951 | 1255 | 0 | function | 32769 | anon.stop_dynamic_masking() | anon | UNTRUSTED
32952 | 1255 | 0 | function | 32769 | anon.trg_mask_update() | anon | UNTRUSTED
32953 | 1255 | 0 | function | 32769 | anon.mask_role(maskedrole regrole) | anon | UNTRUSTED
32954 | 1255 | 0 | function | 32769 | anon.unmask_role(maskedrole regrole) | anon | UNTRUSTED
32955 | 1255 | 0 | function | 32769 | anon.mask_update() | anon | UNTRUSTED
32956 | 1255 | 0 | function | 32769 | anon.remove_masks_for_all_roles() | anon | UNTRUSTED
32958 | 1255 | 0 | function | 32769 | anon.anonymize_database() | anon | UNTRUSTED
32994 | 1255 | 0 | function | 32769 | anon.load_csv(dest_table regclass, csv_file text) | anon | UNTRUSTED
32995 | 1255 | 0 | function | 32769 | anon.init(datapath text) | anon | UNTRUSTED
32996 | 1255 | 0 | function | 32769 | anon.notice_if_not_init() | anon | UNTRUSTED
32997 | 1255 | 0 | function | 32769 | anon.load(text) | anon | UNTRUSTED
32998 | 1255 | 0 | function | 32769 | anon.init() | anon | UNTRUSTED
32999 | 1255 | 0 | function | 32769 | anon.load() | anon | UNTRUSTED
33000 | 1255 | 0 | function | 32769 | anon.is_initialized() | anon | UNTRUSTED
33001 | 1255 | 0 | function | 32769 | anon.reset() | anon | UNTRUSTED
33002 | 1255 | 0 | function | 32769 | anon.unload() | anon | UNTRUSTED
33204 | 1255 | 0 | function | 32769 | anon.remove_masks_for_all_columns() | anon | UNTRUSTED
32769 | 2615 | 0 | schema | 32769 | anon | anon | TRUSTED
33305 | 1260 | 0 | role | | skynet | anon | MASKED