| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Caleb Meredith <calebmeredith8(at)gmail(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Can row level security policies also be implemented for views? |
| Date: | 2015-11-25 13:40:25 |
| Message-ID: | 20151125134025.GV3685@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Caleb,
* Caleb Meredith (calebmeredith8(at)gmail(dot)com) wrote:
> I'm developing an application where strict control of my data is important.
> Views allow me to build a strict custom reading experience, allowing me to
> add computed columns and hide private and metadata columns. Row level
> security allows me strict write control of my data. However, I can't use
> both technologies together, why?
The short and simple answer is that it simply hasn't been done yet.
> It seems easy conceptually, RLS just adds a WHERE clause to queries if I'm
> not mistaken, and conceptually a view is just a query. The CURRENT_USER
> issue is valid, but personally it's not too big for me as most auth is done
> through database parameters.
The hard part is making sure that what happens when there are policies
on views actually makes sense and works as users expect.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2015-11-25 13:42:35 | Re: "trust" authentication in pg_hba.conf |
| Previous Message | Albe Laurenz | 2015-11-25 13:39:59 | Re: Query failed: ERROR: character with byte sequence 0xc2 0x96 in encoding "UTF8" has no equivalent in encoding "WIN1250" |