Re: Multi-tenancy with RLS - Mailing list pgsql-hackers

From Amit Langote
Subject Re: Multi-tenancy with RLS
Date
Msg-id 568A3C89.3040001@lab.ntt.co.jp
Whole thread Raw
In response to Re: Multi-tenancy with RLS  (Haribabu Kommi <kommi.haribabu@gmail.com>)
Responses Re: Multi-tenancy with RLS
List pgsql-hackers
On 2016/01/04 14:43, Haribabu Kommi wrote:
>>
>> Here I attached new series of patches with a slightly different approach.
>> Instead of creating the policies on the system catalog tables whenever
>> the catalog security command is executed, just enable row level security
>> on the system catalog tables. During the relation build, in
>> RelationBuildRowSecurity function, if it is a system relation, frame the
>> policy using the policy query which we earlier used to create by parsing it.
>>
>> With the above approach, in case of any problems in the policy, to use
>> the corrected policy, user just needs to replace the binaries. whereas in
>> earlier approach, either pg_upgrade or disabling and enabling of catalog
>> security is required.
>>
>> Currently it is changed only for shared system catalog tables and also the
>> way of enabling catalog security on shared system catalog tables is through
>> initdb only. This also can be changed later. I will do similar changes for
>> remaining catalog tables.
>>
>> Any comments on the approach?
> 
> Instead of creating policies during the "alter database" command for database
> catalog tables, generating at relation building is leading to an
> infinite recursion
> loop because of transformExpr call for the qual. Any ideas to handle the same?

I tried your latest patch to see what may have caused the infinite
recursion. The recursion occurs during backend startup itself, right?

ISTM, doing transformWhereClause during RelationCacheInitializePhase3()
would not work. Things like operators, functions within the policy qual
require namespace lookup which down the line would call
RelationBuildRowSecurity for pg_namespace build and so on thus causing the
infinite recursion. Perhaps, it would have to be done in a separate phase
after the phase 3 but I'm not sure.

I wonder why do the policy quals need to be built from scratch every time
in RelationBuildRowSecurity for system tables (shared or otherwise)? Why
not just read from the pg_policy catalog like regular relations if ALTER
DATABASE CATALOG SECURITY TRUE already created those entries? Maybe I
missing something though.

Thanks,
Amit





pgsql-hackers by date:

Previous
From: Andres Freund
Date:
Subject: Re: POC: Cache data in GetSnapshotData()
Next
From: Dilip Kumar
Date:
Subject: Re: parallel joins, and better parallel explain