Re: Multi-tenancy with RLS - Mailing list pgsql-hackers

From Haribabu Kommi
Subject Re: Multi-tenancy with RLS
Date
Msg-id CAJrrPGfALML3ZpB3aqbnxGRmy8a3UTDH6DSE=bGCgRNzW__fgA@mail.gmail.com
In response to Re: Multi-tenancy with RLS  (Joe Conway <mail@joeconway.com>)
Responses Re: Multi-tenancy with RLS  (Haribabu Kommi <kommi.haribabu@gmail.com>)
List pgsql-hackers
On Fri, Sep 11, 2015 at 7:50 AM, Joe Conway <mail@joeconway.com> wrote:
> On 09/01/2015 11:25 PM, Haribabu Kommi wrote:
>> If any user is granted any permissions on that object then that user
>> can view the metadata of that object from the catalog tables.
>> To check the permissions of the user on the object, instead of
>> checking each and every available option, I just added a new
>> privilege check option called "any". If the user has any permissions
>> on the object, the corresponding permission check function returns
>> true. Patch attached for the same.
>>
>> Any thoughts/comments?
>
> Thanks for working on this! Overall I like the concept and know of use
> cases where it is critical and should be supported. Some comments:

Here I have attached an updated version of the patch with the following
changes.

There are two options for the user to create catalog security on system
catalog tables.

./initdb -C -D data

With the above option during initdb, catalog security is enabled on all
shared system catalog tables. In this way the user can achieve catalog
security at the database level. For some users this may be enough.
Currently, enabling catalog security is supported only at initdb.

ALTER DATABASE <database> WITH CATALOG SECURITY=true;
ALTER DATABASE <database> WITH CATALOG SECURITY=false;

With the above commands, the user can enable/disable catalog security on
a database's system catalog tables if multi-tenancy is required at the
table level.

Currently, setting catalog security in the CREATE DATABASE command is not
supported. Nor is using the ALTER DATABASE command to enable/disable it
on a database to which the backend is not connected. This is because of
a restriction on executing the policy commands without connecting to a
database.


Pending things that need to be taken care of:

1. select * from tenancy_user1_tbl1;
    ERROR:  permission denied for relation tenancy_user1_tbl1

We are not able to see the above user table in any catalog relation
because of the multi-tenancy policies, but if the user tries to select
the data of the table directly, the error message comes as permission
denied. I feel that instead of the permission denied error, in case
multi-tenancy is enabled, the error message should be
"relation doesn't exist".

2. Correct all catalog relation policies
3. Add regression tests for all system catalog relations and views.
4. Documentation changes

Any comments?

Regards,
Hari Babu
Fujitsu Australia
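
An added example, not part of the original message or the attached patch: the visibility rule discussed in this thread (a user sees an object's metadata only if they hold some privilege on it) can be approximated on a stock PostgreSQL with a view, because has_table_privilege() accepts a comma-separated list and returns true if any listed privilege is held. The view name tenant_visible_relations and the role names are assumptions made for the illustration; run it as a superuser in a scratch database.

```sql
-- Added illustration; every object created here is constructed for the demo
-- and removed again by the final ROLLBACK.
BEGIN;

CREATE ROLE tenancy_user1;   -- assumed role names
CREATE ROLE tenancy_user2;
CREATE TABLE tenancy_user1_tbl1 (id int);
ALTER TABLE tenancy_user1_tbl1 OWNER TO tenancy_user1;

-- Hypothetical view: pg_class filtered to relations on which the *calling*
-- role holds at least one privilege. The list is the set of table privileges
-- in PostgreSQL 9.5; later releases may define more.
CREATE VIEW tenant_visible_relations AS
SELECT c.oid, n.nspname, c.relname, c.relkind
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'v', 'm')
  AND has_table_privilege(
        c.oid,
        'SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER');
GRANT SELECT ON tenant_visible_relations TO PUBLIC;

-- Before any grant: compare the filtered view with the unfiltered catalog
-- as seen by the other tenant.
SET ROLE tenancy_user2;
SELECT
  EXISTS (SELECT 1 FROM tenant_visible_relations
          WHERE relname = 'tenancy_user1_tbl1') AS in_filtered_view,
  EXISTS (SELECT 1 FROM pg_catalog.pg_class
          WHERE relname = 'tenancy_user1_tbl1') AS in_pg_class;
RESET ROLE;

-- A single privilege of any kind is enough to satisfy the "any" check.
GRANT TRIGGER ON tenancy_user1_tbl1 TO tenancy_user2;

SET ROLE tenancy_user2;
SELECT
  EXISTS (SELECT 1 FROM tenant_visible_relations
          WHERE relname = 'tenancy_user1_tbl1') AS in_filtered_view,
  EXISTS (SELECT 1 FROM pg_catalog.pg_class
          WHERE relname = 'tenancy_user1_tbl1') AS in_pg_class;
RESET ROLE;

ROLLBACK;
```

The view only illustrates the filter predicate: on a stock server pg_class itself stays readable by every role, which is the gap that applying policies to the catalog tables is meant to close.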
