Re: [v9.3] Row-Level Security - Mailing list pgsql-hackers

From Kohei KaiGai
Subject Re: [v9.3] Row-Level Security
Date
Msg-id CADyhKSXF21V_B066hC0dnYw=08ZiPRBK6Ay==SzTWSQTmtuLuw@mail.gmail.com
Whole thread Raw
In response to Re: [v9.3] Row-Level Security  (Florian Pflug <fgp@phlo.org>)
List pgsql-hackers
2012/6/27 Florian Pflug <fgp@phlo.org>:
> On Jun27, 2012, at 07:18 , Kohei KaiGai wrote:
>> The problem is the way to implement it.
>> If we would have permission checks on planner stage, it cannot handle
>> a case when user-id would be switched prior to executor stage, thus
>> it needs something remedy to handle the scenario correctly.
>> Instead of a unique plan per query, it might be a solution to generate
>> multiple plans depending on user-id, and choose a proper one in
>> executor stage.
>>
>> Which type of implementation is what everybody is asking for?
>
> I think you need to
>
>  a) Determine the user-id at planning time, and insert the matching
>    RLS clause
>
> b1) Either re-plan the query if the user-id changes between planning
>    and execution time, which means making the user-id a part of the
>    plan-cache key.
>
> b2) Or decree that for RLS purposes, it's the user-id at planning time,
>    not execution time, that counts.
>
My preference is b1, because b2 approach takes user visible changes
in concepts of permission checks.

Probably, plan-cache should be also invalidated when user's property
was modified or grant/revoke is issued, in addition to the table itself.

Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>


pgsql-hackers by date:

Previous
From: Magnus Hagander
Date:
Subject: Re: pg_terminate_backend for same-role
Next
From: Ants Aasma
Date:
Subject: Re: [PATCH] Lazy hashaggregate when no aggregation is needed