Skip site navigation (1) Skip section navigation (2)

Re: [v9.3] Row-Level Security

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Florian Pflug <fgp(at)phlo(dot)org>
Cc: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, Robert Haas <robertmhaas(at)gmail(dot)com>, PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [v9.3] Row-Level Security
Date: 2012-06-28 15:46:50
Message-ID: 13647.1340898410@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Florian Pflug <fgp(at)phlo(dot)org> writes:
> On Jun28, 2012, at 17:29 , Tom Lane wrote:
>> I believe it works today, because the executor only applies permissions
>> checks during query startup.  So those checks are executed while still
>> within the SECURITY DEFINER context, and should behave as expected.
>> Subsequently, the cursor portal is returned to caller and caller can
>> execute it to completion, no problem.

> Don't we (sometimes?) defer query startup to the first time FETCH is
> called?

There are things inside individual plan node functions that may only
happen when the first row is demanded, but permissions checks are done
in ExecutorStart().

			regards, tom lane

In response to

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2012-06-28 15:50:30
Subject: Re: Covering Indexes
Previous:From: Jeff JanesDate: 2012-06-28 15:37:55
Subject: Re: Covering Indexes

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group