Re: Review of Row Level Security - Mailing list pgsql-hackers

From Kevin Grittner
Subject Re: Review of Row Level Security
Date
Msg-id 20121221144826.144650@gmx.com
Whole thread Raw
In response to Review of Row Level Security  (Simon Riggs <simon@2ndQuadrant.com>)
Responses Re: Review of Row Level Security
List pgsql-hackers
Kohei KaiGai wrote:

>> I don't think I like ALTER TABLE as a syntax for row level
>> security. How about using existing GRANT syntax but allowing a
>> WHERE clause? That seems more natural to me, and it would make
>> it easy to apply the same conditions to multiple types of
>> operations when desired, but use different expressions when
>> desired.
>
> It seems to me this syntax gives an impression that row-security
> feature is tightly combined with role-mechanism, even though it
> does not need. For example, we can set row-security policy of
> primary key is even/odd number, independent from working role.

Is there some high-level discussion of the concept of row level
security that operates independently of roles? I'm having a little
trouble getting my head around the idea, there is no README in the
patch, and the Wiki page on RLS hasn't been updated for two and a
half years and seems to be mainly discussing the possibility of
adding non-leaky views (which we now have). If it doesn't control
which roles have access to which rows, what does it do,
conceptually? (A URL to a page explaining this would be fine.)

-Kevin



pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: Event Triggers: adding information
Next
From: Marko Tiikkaja
Date:
Subject: PL/PgSQL STRICT