On 2014-01-31 15:10, Stephen Frost wrote:
> * Craig Ringer (craig@2ndquadrant.com) wrote:
>> On 01/31/2014 09:01 AM, Stephen Frost wrote:
>> The only case prevented is one where access to the child via the parent
>> shows rows that the parent's row-security qual would hide, because the
>> child's qual doesn't.
> It makes absolutely zero sense, in my head anyway, to have rows returned
> when querying the parent which should NOT be returned based on the quals
> of the parent.
IMHO, there is another way to implement this, other than the procedure
to override the child-rel-quals with the ones from the parent. At DDL
time, synchronize quals on the parent with rls quals of the childs.
Isn't this also what happens with constraints?
Then during expansion of the range table, no code is needed to ignore
child rls quals and copy parent rels to child rels.
Also, the security policy applied would be invariant to the route
through which the rows were accessed:
- directly to the child row: child rls quals and parent quals (by
propagate at ddl) are applied.
- through the parent: child rls quals and parent quals applied.
regards,
Yeb Havinga
