Re: [v9.4] row level security - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [v9.4] row level security
Date
Msg-id 1543.1378306249@sss.pgh.pa.us
Whole thread Raw
In response to Re: [v9.4] row level security  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: [v9.4] row level security
Re: [v9.4] row level security
List pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes:
> On Wed, Sep 4, 2013 at 10:45 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Well, the security-barrier view stuff did not present itself as a 100%
>> solution.  But perhaps more to the point, it was conceptually simple to
>> implement, ie don't flatten views if they have this bit set, and don't
>> push down quals into such sub-selects unless they're marked leakproof.

> Right.  IMHO, this new feature should be similarly simple: when an
> unprivileged user references a table, treat that as a reference to a
> leakproof view over the table, with the RLS qual injected into the
> view.

And for insert/update/delete, we do what exactly?
        regards, tom lane



pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: [v9.4] row level security
Next
From: Tom Lane
Date:
Subject: Re: [tiny doc fix] statistics are not retained across immediate shutdown