| From: | Florian Pflug <fgp(at)phlo(dot)org> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, Alastair Turner <bell(at)ctrlf5(dot)co(dot)za>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PgHacker <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [RFC] Interface of Row Level Security |
| Date: | 2012-05-29 14:44:43 |
| Message-ID: | E8D3F853-5C0E-4403-A326-BB77AE78028B@phlo.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On May29, 2012, at 16:34 , Robert Haas wrote:
> One idea might be to have a grantable permission that permits the RLS
> policy to be bypassed. So, if a user has only SELECT permission, they
> can select from the table, but the RLS policy will apply. If they
> have both SELECT and RLSBYPASS (probably not what we really want to
> call it) permission, then they can select from the table and the RLS
> policy will be skipped. This means that superusers automatically skip
> all RLS policies (which seems right) and table owners skip them by
> default (but could revoke their own privileges) and other people can
> skip them if the table owner (or the superuser) grants them the
> appropriate privilege on the table involved.
I like it. Seems to support all use-cases I can come up with, and extends
existing privilege semantics in a natural way.
best regards,
Florian Pflug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kohei KaiGai | 2012-05-29 14:57:15 | Re: [RFC] Interface of Row Level Security |
| Previous Message | Robert Haas | 2012-05-29 14:34:10 | Re: [RFC] Interface of Row Level Security |