From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Noah Misch <noah(at)leadboat(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Joe Conway <mail(at)joeconway(dot)com> |
Subject: | Re: row_security GUC, BYPASSRLS |
Date: | 2015-10-02 20:47:09 |
Message-ID: | CA+TgmoYTfsECYYLZ=FWxUmSVRLxGj41aToxV3hK-4HA+wBU2Vw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Oct 1, 2015 at 11:10 PM, Noah Misch <noah(at)leadboat(dot)com> wrote:
> On Mon, Sep 28, 2015 at 05:13:56PM -0400, Stephen Frost wrote:
>> * Noah Misch (noah(at)leadboat(dot)com) wrote:
>> > In schema reviews, I will raise a red flag for use of this feature; the best
>> > designs will instead use additional roles. I forecast that PostgreSQL would
>> > fare better with no owner-constrained-by-RLS capability. Even so, others want
>> > it, and FORCE ROW SECURITY would deliver it with an acceptable risk profile.
>>
>> I've attached a patch to implement it. It's not fully polished but it's
>> sufficient for comment, I believe. Additional comments, documentation
>> and regression tests are to be added, if we have agreement on the
>> grammer and implementation approach.
>
> This patch has FORCE ROW LEVEL SECURITY take precedence over row_security=off,
> which thwarts pg_dump use of row_security=off to ensure dump completeness.
Yeah, I think that's NOT ok.
> Should this be a table-level flag, or should it be a policy-level flag? A
> policy-level flag is more powerful. If nobody really anticipates using that
> power, this table-level flag works for me.
Either works for me.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2015-10-02 20:52:40 | Re: Request for dogfood volunteers (was No Issue Tracker - Say it Ain't So!) |
Previous Message | Robert Haas | 2015-10-02 20:44:48 | Re: Potential GIN vacuum bug |