From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | "Alexander M(dot) Sauer-Budge" <ambudge(at)alum(dot)mit(dot)edu> |
Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Row security policies documentation question |
Date: | 2016-05-31 21:16:00 |
Message-ID: | CAKFQuwZNTJAj3mmuYjxk3j8sMawrOBSOSrSABO4aOr-cG=YBuA@mail.gmail.com |
Lists: | pgsql-general |
On Tue, May 31, 2016 at 4:59 PM, Alexander M. Sauer-Budge <
ambudge(at)alum(dot)mit(dot)edu> wrote:
> Hello,
>
> Section 5.7. on Row Security Policies (
> https://www.postgresql.org/docs/current/static/ddl-rowsecurity.html) for
> 9.5 says:
>
[...]
>
>
> CREATE POLICY user_policy ON users
> USING (user = current_user);
>
> ---
>
> I’m trying to understand the example as it references both an `accounts`
> table and a `users` table which isn’t defined. Is this a mishmash of
> example fragments or should the CREATE POLICY statement reference the
> `accounts` table instead of `users`? Specifically, what does `user`
> reference in the statement "CREATE POLICY user_policy ON users USING (user
> = current_user);"?
> Is this a table column in a `users` table the example doesn’t define or
> does PostgreSQL keep track of what user/role inserted a row and allow
> policies to use it?
>
It assumes the user can envision a trivial "users" table having at least a
column named "user" that represents the user's name/id and which the names
of said users are identical to those assigned to them in the PostgreSQL
database and accessible via the "pg_authid" catalog (rolname) and its
related views: namely "pg_user" (usename).

So, in effect the following works, and returns a single row.

SELECT *
FROM users
JOIN pg_user ON (user = usename)
WHERE user = current_user;

David J.
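
The setup this reply describes, written out as an added example that is not part of the original message or of the PostgreSQL documentation. The roles, rows and the column name `user_name` are assumptions made for illustration; the column is not called `user` here because unquoted `user` is a reserved word in PostgreSQL that evaluates to the current user name.

```sql
-- Constructed example: roles, table contents and column names are illustrative.
-- Run as a role allowed to create roles; everything is rolled back at the end.
BEGIN;

-- LOGIN is needed for the roles to appear in the pg_user view.
CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;

CREATE TABLE users (
    user_name text PRIMARY KEY,   -- holds the PostgreSQL role name of each user
    real_name text
);
INSERT INTO users VALUES
    ('alice', 'Alice Example'),
    ('bob',   'Bob Example');

GRANT SELECT ON users TO alice, bob;

-- Policies have no effect until row security is enabled on the table.
ALTER TABLE users ENABLE ROW LEVEL SECURITY;

-- Each role may see only the row whose user_name equals its own role name.
CREATE POLICY user_policy ON users
    USING (user_name = current_user);

-- As alice, the policy's USING expression is added to every query on users.
SET LOCAL ROLE alice;
SELECT u.user_name, u.real_name, p.usename
FROM users u
JOIN pg_user p ON (u.user_name = p.usename);

-- As bob, the same query is filtered against bob's role name instead.
RESET ROLE;
SET LOCAL ROLE bob;
SELECT u.user_name, u.real_name, p.usename
FROM users u
JOIN pg_user p ON (u.user_name = p.usename);

-- The table owner and superusers are not subject to the policy unless
-- ALTER TABLE users FORCE ROW LEVEL SECURITY is set (owner only; superusers
-- and BYPASSRLS roles always bypass row security).
RESET ROLE;
SELECT count(*) FROM users;

ROLLBACK;
```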