This pretty much mirrors stored procedures though which have the option of running as the definer or the invoker. Breaking this with “when RLS is enabled stored procedures and views set to run with the permissions of the definer intersect with the RLS policy of the invoker” is crazy weird.
Maybe it would actually be good behavior but it would super super unintuitive.
Isn’t it also super unintuitive that developers will have to manage partitioning customer data at the Application Layer even though they think they are using a Data Layer security policy.
When RLS is enabled, their should never be a situation where Customer A might be able to gain access to Customer B data. That’s literally the entire objective of the feature.
This is giving people a false sense of security, and for multi-tenant applications has massive consequences since this will leak data.
Maybe it would actually be good behavior but it would super super unintuitive.