| From: | Florian Pflug <fgp(at)phlo(dot)org> |
|---|---|
| To: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, PgHacker <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [v9.3] Row-Level Security |
| Date: | 2012-06-27 11:21:49 |
| Message-ID: | 45CAFA51-C0CE-481B-86B9-C383E22AD172@phlo.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Jun27, 2012, at 07:18 , Kohei KaiGai wrote:
> The problem is the way to implement it.
> If we would have permission checks on planner stage, it cannot handle
> a case when user-id would be switched prior to executor stage, thus
> it needs something remedy to handle the scenario correctly.
> Instead of a unique plan per query, it might be a solution to generate
> multiple plans depending on user-id, and choose a proper one in
> executor stage.
>
> Which type of implementation is what everybody is asking for?
I think you need to
a) Determine the user-id at planning time, and insert the matching
RLS clause
b1) Either re-plan the query if the user-id changes between planning
and execution time, which means making the user-id a part of the
plan-cache key.
b2) Or decree that for RLS purposes, it's the user-id at planning time,
not execution time, that counts.
best regards,
Florian Pflug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2012-06-27 11:34:48 | Re: Posix Shared Mem patch |
| Previous Message | Andres Freund | 2012-06-27 10:33:02 | Re: [PATCH 01/16] Overhaul walsender wakeup handling |