Re: Row-security on updatable s.b. views - Mailing list pgsql-hackers

From Craig Ringer
Subject Re: Row-security on updatable s.b. views
Date
Msg-id 52EA07C5.3040609@2ndquadrant.com
Whole thread Raw
In response to Re: Row-security on updatable s.b. views  (Craig Ringer <craig@2ndquadrant.com>)
Responses Re: Row-security on updatable s.b. views
List pgsql-hackers
On 01/30/2014 01:25 PM, Craig Ringer wrote:
> On 01/29/2014 09:47 PM, Craig Ringer wrote:
>> https://github.com/ringerc/postgres/compare/rls-9.4-upd-sb-views
>>
>> i.e. https://github.com/ringerc/postgres.git ,
>>      branch rls-9.4-upd-sb-views
>>
>> (subject to rebasing) or the non-rebased tag rls-9.4-upd-sb-views-v2
> 
> Pushed an update to the branch. New update tagged
> rls-9.4-upd-sb-views-v3 . Fixes an issue with rowmarking that stems from
> the underlying updatable s.b. views patch.
> 
> Other tests continue to fail, this isn't ready yet.

Specifically:

- Needs checks in AT INHERITS, AT SET ROW SECURITY, and CT INHERITS to
prohibit any combination of inheritance and row-security, per:
 http://www.postgresql.org/message-id/52EA01C3.70804@2ndquadrant.com

- row-security rule recursion detection isn't solved yet, it just
overflows the stack.

- COPY doesn't know anything about row-security

- I'm just starting to chase some odd errors in the tests, "ERROR:
failed to find unique expression in subplan tlist" and "ERROR:  could
not open file "base/16384/30070": No such file or directory". Their
cause/origin is not yet known, but they're specific to when row-security
policy is being applied.

- policies based on current_user don't "remember" current_user when rows
are pulled from refcursor returned by a security definer function.


There is a chunk of work here. Anybody who wants row-security to happen
for 9.4, please pick something and pitch in.


(Or we could just decide that my rebased and tweaked version of KaiGai's
original patch internal query structure twiddling aside, is the best way
forward after all. That leaves only the last item to deal with.)

-- Craig Ringer                   http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services



pgsql-hackers by date:

Previous
From: Christian Kruse
Date:
Subject: Patch: compiling the docs under Gentoo
Next
From: Christian Kruse
Date:
Subject: Re: [bug fix] pg_ctl fails with config-only directory