Re: BUG #14060: row security policy does not work for updatable views

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Artur Dudnik <adudnik(at)gmail(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #14060: row security policy does not work for updatable views
Date: 2016-04-03 13:02:43
Message-ID: 20160403130243.GM10850@tamriel.snowman.net
Lists: pgsql-bugs

Artur,

* Artur Dudnik (adudnik(at)gmail(dot)com) wrote:
> > Try creating the view as the 'test' user and you'll see that then accessing
> > the table through the view will result in the RLS policy being applied.
>
> Sure, you are right.
>
> Excuse me for the stupid question, but maybe you will describe how I can
> create a view for a table with restricted access to rows per role?

You can create the view as a role with a restricted set of access, as
described.

Alternatively, you can create a view owned by a role who has
unrestricted access to the table (such as the table owner) and then
implement the per-row restrictions there using WHERE and making the view
a security barrier view.

As with the regular GRANT system, it isn't possible to use the logged-in
role to perform access permission checks on a table which is being
queried through a view.

We may add support for defining policies on views in the future, but
that won't be until at least 9.7.

Thanks!

Stephen
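
The second approach described in this message (a view owned by the table owner, filtering rows with WHERE and marked as a security barrier), shown as an added example that is not part of the original email. The role, table and view names are constructed for illustration, and WITH CHECK OPTION is an addition the message does not mention, included because the bug report concerns updatable views.

```sql
-- Constructed roles and schema (assumptions, not from the thread).
-- Run as a superuser in a scratch database.
CREATE ROLE doc_owner NOLOGIN;
CREATE ROLE alice NOLOGIN;
CREATE ROLE bob NOLOGIN;

CREATE TABLE documents (
    id         int  PRIMARY KEY,
    owner_name name NOT NULL,
    body       text
);
ALTER TABLE documents OWNER TO doc_owner;
INSERT INTO documents VALUES (1, 'alice', 'alice draft'), (2, 'bob', 'bob draft');

-- The table policy only constrains roles that query the table directly.
-- The table owner is not subject to it, so a view owned by doc_owner
-- reads every row of the table.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
CREATE POLICY own_rows ON documents USING (owner_name = current_user);

-- Per-row restriction implemented in the view itself. current_user is
-- evaluated for the role running the query, while permission checks on
-- "documents" are made as the view owner. security_barrier keeps
-- user-supplied functions and operators from being evaluated before the
-- WHERE filter; CHECK OPTION rejects writes that would produce a row
-- outside the filter.
CREATE VIEW my_documents WITH (security_barrier) AS
    SELECT id, owner_name, body
    FROM documents
    WHERE owner_name = current_user
    WITH CHECK OPTION;
ALTER VIEW my_documents OWNER TO doc_owner;

-- Application roles get the view only; no privileges on the base table.
GRANT SELECT, INSERT, UPDATE, DELETE ON my_documents TO alice, bob;

-- Exercise the restriction as alice.
SET ROLE alice;
SELECT id, owner_name FROM my_documents;                   -- read through the filter
UPDATE my_documents SET body = 'edited' WHERE id = 2;      -- targets bob's row
UPDATE my_documents SET owner_name = 'bob' WHERE id = 1;   -- tries to hand a row to bob
SELECT count(*) FROM documents;                            -- direct table access
RESET ROLE;
```

Because alice and bob hold no grants on `documents`, the view is their only path to the data, and the policy on the table acts as a second layer if direct access is ever granted.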
