Re: [RFC] Interface of Row Level Security - Mailing list pgsql-hackers

From Florian Pflug
Subject Re: [RFC] Interface of Row Level Security
Date
Msg-id 6999198B-5504-4A74-A38A-7864E964273C@phlo.org
Whole thread Raw
In response to Re: [RFC] Interface of Row Level Security  (Kohei KaiGai <kaigai@kaigai.gr.jp>)
Responses Re: [RFC] Interface of Row Level Security
List pgsql-hackers
On Jun4, 2012, at 17:38 , Kohei KaiGai wrote:
> I'm worry about future maintenance issues, once we have
> RLSBYPASS permission or something user visible…

I fear that without a generic way to disable RLS regardless which
RLS policy function is in effect, we're creating a huge maintenance
issue for DBAs. In a lot of shops, the DBA is responsible for a large
number of databases, each potentially using a completely different
approach to RLS and hence a completely different policy function.

Without something like RLSBYPASS, the DBA needs to have intimate
knowledge about the different RLS policies to e.g. guarantee that his
backups aren't missing crucial information, or that the replication
system indeed replicates all rows.

With RLSBYPASS, all he needs to do is grant one privilege to his
replication or backup user. The rest can be left to the development
or support team for a specific application.

best regards,
Florian Pflug



pgsql-hackers by date:

Previous
From: Magnus Hagander
Date:
Subject: Re: Updated version of pg_receivexlog
Next
From: Ants Aasma
Date:
Subject: Re: Updated version of pg_receivexlog