| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Kevin Grittner <kgrittn(at)mail(dot)com> |
| Cc: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, Stephen Frost <sfrost(at)snowman(dot)net>, Simon Riggs <simon(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Review of Row Level Security |
| Date: | 2012-12-21 14:17:20 |
| Message-ID: | CA+Tgmoa99TWKgOqDuJMd71K_usrUJMAYPacgXK19gLzinR2-0Q@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Dec 20, 2012 at 4:50 PM, Kevin Grittner <kgrittn(at)mail(dot)com> wrote:
> I don't think I like ALTER TABLE as a syntax for row level
> security. How about using existing GRANT syntax but allowing a
> WHERE clause? That seems more natural to me, and it would make it
> easy to apply the same conditions to multiple types of operations
> when desired, but use different expressions when desired. Without
> having spent a lot of time pondering it, I think that if row level
> SELECT permissions exist, they would need to be met on the OLD
> tuple to allow DELETE or UPDATE, and UPDATE row level permissions
> would be applied to the NEW tuple.
This gets thorny if a role inherits from multiple roles each having a
different RLS predicate. You can OR them together, but performance
will likely suck. I initially thought of this as well, but I think
it's just too ugly to live.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2012-12-21 14:19:18 | Re: Review of Row Level Security |
| Previous Message | Robert Haas | 2012-12-21 14:09:51 | Re: Feature Request: pg_replication_master() |