| From: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> |
|---|---|
| To: | Simon Riggs <simon(at)2ndquadrant(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Subject: | Re: Review of Row Level Security |
| Date: | 2012-12-09 06:08:31 |
| Message-ID: | CADyhKSUCmMeTFrJjMXxvXKBRbCR1Q5oiaacH61w87Oxho_DZHw@mail.gmail.com |
| Lists: | pgsql-hackers |
2012/12/7 Simon Riggs <simon(at)2ndquadrant(dot)com>:
> On 5 December 2012 11:16, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> wrote:
>
>>> * TRUNCATE works, and allows you to remove all rows of a table, even
>>> ones you can't see to run a DELETE on. Er...
>>>
>> It was my oversight. My preference is to rewrite TRUNCATE command
>> with DELETE statement in case when row-security policy is active on
>> the target table.
>> In this case, a NOTICE message may be helpful for users not to assume
>> the table is always empty after the command.
>
> I think the default must be to throw an ERROR, since part of the
> contract with TRUNCATE is that it is fast and removes storage.
>
OK. Does the default imply you are suggesting configurable
behavior using a GUC or something?
I think both of the behaviors are reasonable from a security point
of view, as long as the user cannot remove unprivileged rows.
Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>