Re: Multi-tenancy with RLS

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>
Cc: Joe Conway <mail(at)joeconway(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Multi-tenancy with RLS
Date: 2015-10-06 11:29:04
Message-ID: 20151006112904.GK3685@tamriel.snowman.net
Lists: pgsql-hackers

* Haribabu Kommi (kommi(dot)haribabu(at)gmail(dot)com) wrote:
> On Tue, Oct 6, 2015 at 10:56 AM, Haribabu Kommi
> <kommi(dot)haribabu(at)gmail(dot)com> wrote:
> > Here I attached an updated version of the patch with the following changes.
>
> I found some problems related to providing multi-tenancy on a system
> catalog view. This is because the system catalog view uses the owner
> that created the view instead of the current user, by storing the user
> information in the "checkAsUser" field of the RangeTblEntry structure.

Right, when querying through a view to tables underneath, we use the
permissions of the view owner. View creators should be generally aware
of this already.

I agree that it adds complications to the multi-tenancy idea since the
system views, today, allow viewing of all objects. There are two ways
to address that:

Modify the system catalog views to include the same constraints that the
policies on the tables do

or

Allow RLS policies against views and then create the necessary policies
on the views in the catalog.

My inclination is to work towards the latter as that's a capability we'd
like to have anyway.

Thanks!

Stephen
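The owner-based check described above, reproduced on a user table as an added example (not code from the thread or from PostgreSQL itself), together with two mitigations a practitioner would reach for. It assumes a PostgreSQL release with RLS (9.5 or later) and, for the last view, PostgreSQL 15 or later; all role, table and view names are constructed.

```sql
-- Constructed demo (not from the thread). Run as a superuser; the table and
-- view are owned by the non-superuser app_owner, because a superuser owner
-- would bypass RLS unconditionally and hide the effect being shown.
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE tenant_a LOGIN;
CREATE ROLE tenant_b LOGIN;
GRANT CREATE ON SCHEMA public TO app_owner;

SET ROLE app_owner;
CREATE TABLE tenant_data (tenant name NOT NULL, payload text);
INSERT INTO tenant_data VALUES ('tenant_a', 'a-secret'), ('tenant_b', 'b-secret');
ALTER TABLE tenant_data ENABLE ROW LEVEL SECURITY;
CREATE POLICY own_rows ON tenant_data USING (tenant = current_user);
GRANT SELECT ON tenant_data TO tenant_a, tenant_b;

-- The view is owned by app_owner; that is the role recorded in checkAsUser,
-- so whether RLS applies to tenant_data is decided for app_owner, not for
-- the role running the query.
CREATE VIEW all_data AS SELECT tenant, payload FROM tenant_data;
GRANT SELECT ON all_data TO tenant_a, tenant_b;
RESET ROLE;

SET ROLE tenant_a;
SELECT payload FROM tenant_data;   -- direct: 'a-secret' only
SELECT payload FROM all_data;      -- via view: both rows, owner bypasses RLS
RESET ROLE;

-- Mitigation 1: make the owner subject to its own table's policies. The
-- policy expression still evaluates current_user in the caller's session,
-- so the view now returns only the caller's tenant.
SET ROLE app_owner;
ALTER TABLE tenant_data FORCE ROW LEVEL SECURITY;
RESET ROLE;
SET ROLE tenant_a;
SELECT payload FROM all_data;      -- 'a-secret' only
RESET ROLE;

-- Mitigation 2 (PostgreSQL 15+): a security_invoker view checks privileges
-- and RLS as the querying role instead of the view owner.
SET ROLE app_owner;
CREATE VIEW all_data_invoker WITH (security_invoker = true)
    AS SELECT tenant, payload FROM tenant_data;
GRANT SELECT ON all_data_invoker TO tenant_a, tenant_b;
RESET ROLE;
```

Compare the two SELECTs through all_data before and after FORCE ROW LEVEL SECURITY to see the owner bypass appear and disappear.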
