| From: | "Alexander M(dot) Sauer-Budge" <ambudge(at)alum(dot)mit(dot)edu> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Row security policies documentation question |
| Date: | 2016-05-31 20:59:59 |
| Message-ID: | 2807A25C-E61C-42B7-BF6C-0F546C94AEBE@alum.mit.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hello,
Section 5.7. on Row Security Policies (https://www.postgresql.org/docs/current/static/ddl-rowsecurity.html) for 9.5 says:
As a simple example, here is how to create a policy on the account relation to allow only members of the managers role to access rows, and only rows of their accounts:
CREATE TABLE accounts (manager text, company text, contact_email text);
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
CREATE POLICY account_managers ON accounts TO managers
USING (manager = current_user);
If no role is specified, or the special user name PUBLIC is used, then the policy applies to all users on the system. To allow all users to access their own row in a users table, a simple policy can be used:
CREATE POLICY user_policy ON users
USING (user = current_user);
---
I’m trying understand the example as it references both an `accounts` table and a `users` table which isn’t defined. Is this a mishmash of example fragments or should the CREATE POLICY statement reference the `accounts` table instead of `users`? Specifically, what does `user` reference in the statement "CREATE POLICY user_policy ON users USING (user = current_user);”? Is this a table column in a `users` table the example doesn’t define or does PostgreSQL keep track of what user/role inserted a row and allow policies to use it?
Thanks!
Alex
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2016-05-31 21:16:00 | Re: Row security policies documentation question |
| Previous Message | Joseph Kregloh | 2016-05-31 20:46:13 | Re: Log Shipping |