| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Simon Charette <charette(dot)s(at)gmail(dot)com> |
| Cc: | Charles Clavadetscher <clavadetscher(at)swisspug(dot)org>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Recursive row level security policy |
| Date: | 2016-12-17 19:23:26 |
| Message-ID: | 057461ff-6f9a-cfc5-56bc-414cb4e540a7@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 12/17/2016 02:04 PM, Stephen Frost wrote:
> Note that RLS won't be applied for the table owner either (unless the
> relation has 'FORCE RLS' enabled for it), so you don't have to have
> functions which are run as superuser to use the approach Joe
> recommended.
Good point, thanks, I should have mentioned that. You would be better
off having a different user own both the table and the function in order
to avoid using/abusing the superuser for that purpose. Just be aware
that FORCE RLS would break that solution.
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Torsten Förtsch | 2016-12-17 20:33:32 | Re: SQL query problem of a Quiz program |
| Previous Message | Stephen Frost | 2016-12-17 19:04:27 | Re: Recursive row level security policy |