Multi-tenancy with RLS

From: Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>
To: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Multi-tenancy with RLS
Date: 2015-08-14 02:00:28
Message-ID: CAJrrPGdCZEVxQTs49CqxjjyffHKPFtff+sa6c6f5Z5grXztodw@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

This is regarding supporting of multi-tenancy in a single PostgreSQL instance
using the row level security feature. The main idea is to have the
"row level security"
enabled on system catalog tables, thus the user can get only the rows that are
either system objects or the user objects, where the user is the owner.

Example:

postgres=# create role test login;
postgres=# create role test1 login;

postgres=# \c postgres test
postgres=> create table test(f1 int);
postgres=> \d
List of relations
Schema | Name | Type | Owner
--------+------+-------+-------
public | test | table | test
(1 row)

postgres=> \c postgres test1
postgres=> create table test1(f1 int);
postgres=> \d
List of relations
Schema | Name | Type | Owner
--------+-------+-------+-------
public | test1 | table | test1
(1 row)

postgres=# \c postgres test
postgres=> \d
List of relations
Schema | Name | Type | Owner
--------+------+-------+-------
public | test | table | test
(1 row)

To enable row level security on system catalog tables, currently I
added a new database option to create/alter database. The syntax can
be changed later. Adding an option to database makes it easier for
users to enable/disable the row level security on system catalog
tables.

CREATE DATABASE USERDB WITH ROW LEVEL SECURITY = TRUE;
ALTER DATBASE USERDB WITH ROW LEVEL SECURITY = FALSE;

A new boolean column "datrowlevelsecurity" is added to pg_database
system catalog table to display the status of row level security on
that database.

Currently I just implemented the row level security is enabled only
for pg_class system table as a proof of concept. whenever the row
level security on the database is enabled/disabled, it internally
fires the create policy/remove policy commands using SPI interfaces.

Here I attached the proof concept patch.

Pending items:
1. Supporting of RLS on all system catalog tables
2. Instead of SPI interfaces, any better way to create/remove policies.

Any comments/suggestions regarding the way to achieve multi-tenancy in
PostgreSQL?

Regards,
Hari Babu
Fujitsu Australia

Attachment Content-Type Size
multi-tenancy_with_rls_poc.patch application/octet-stream 15.0 KB

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2015-08-14 03:32:32 Re: In-core regression tests for replication, cascading, archiving, PITR, etc.
Previous Message Michael Paquier 2015-08-13 23:24:34 Re: TAP tests are badly named