Home > mailing lists

Re: RLS on catalog tables would be helpful - Mailing list pgsql-general

From	Joe Conway
Subject	Re: RLS on catalog tables would be helpful
Date	March 2, 2016 22:37:47
Msg-id	56D74106.7080709@joeconway.com Whole thread Raw
In response to	RLS on catalog tables would be helpful (Alan Droege <adroege@perfectpractice.com>)
Responses	Re: RLS on catalog tables would be helpful ("Joshua D. Drake" <jd@commandprompt.com>)
List	pgsql-general

Tree view

On 03/02/2016 11:29 AM, Alan Droege wrote:
> I have removed SELECT rights from the pg_proc.prosrc column so that
> I can hide the source code of stored functions.  This is working OK,
> however I would really like to just hide certain functions via RLS.
> I understand that great damage could be done to the system catalog by
> allowing users to mess with them, however  RLS seems to be a great
> idea in this case.
>
> Has this been thought about?  Any plans to change in the future?

It has been discussed at some length and there is a specific
implementation patch that has been proposed. See:


http://www.postgresql.org/message-id/flat/CA+Tgmoa=4vTi1Hb1HTA0+QbZLOjkpJBd5dKVw3zmP-kdWJER3w@mail.gmail.com#CA+Tgmoa=4vTi1Hb1HTA0+QbZLOjkpJBd5dKVw3zmP-kdWJER3w@mail.gmail.com

It would be good for you to add your thoughts on your use case and
specific functionality you would require to that thread.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

Attachment

signature.asc

pgsql-general by date:

From: Alan Droege
Date: 02 March 2016, 22:29:24
Subject: RLS on catalog tables would be helpful

From: "drum.lucas@gmail.com"
Date: 02 March 2016, 22:52:04
Subject: Re: Export binary data - PostgreSQL 9.2

Re: RLS on catalog tables would be helpful - Mailing list pgsql-general

Attachment

Previous

Next