Re: [RFC] Interface of Row Level Security

From: Florian Pflug <fgp(at)phlo(dot)org>
To: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [RFC] Interface of Row Level Security
Date: 2012-06-05 00:48:03
Message-ID: 87504E82-A4B0-4AEC-9A5F-12901DF570C5@phlo.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Jun4, 2012, at 18:38 , Kohei KaiGai wrote:
> 2012/6/4 Florian Pflug <fgp(at)phlo(dot)org>:
>> Without something like RLSBYPASS, the DBA needs to have intimate
>> knowledge about the different RLS policies to e.g. guarantee that his
>> backups aren't missing crucial information, or that the replication
>> system indeed replicates all rows.
>>
>> With RLSBYPASS, all he needs to do is grant one privilege to his
>> replication or backup user. The rest can be left to the development
>> or support team for a specific application.

> It seems to me you can define a function which implements site-
> specific security requirement (E.g "backup should not be prevented
> by RLS policy"), then include it as a part of RLS policy
> (or implicitly added by extensions, like sepgsql tries to do).

Sure. But that requires each and every application which uses RLS
to provide support for special backup (or replication, or whatever)
privileges. And it requires the DBA to know how to assign these
privileges to certain roles for each any every application in question.
For shops which uses a lot of different applications, all with their
own RLS policy, that can quickly get out of hand.

Plus, a bug in one of these RLS policies has the potential to render
backups incomplete.

best regards,
Florian Pflug

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2012-06-05 01:02:05 Re: [RFC] Interface of Row Level Security
Previous Message Tom Lane 2012-06-04 23:01:37 Re: No, pg_size_pretty(numeric) was not such a hot idea