| From: | Yeb Havinga <yebhavinga(at)gmail(dot)com> |
|---|---|
| To: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PgHacker <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [RFC] Interface of Row Level Security |
| Date: | 2012-05-31 07:30:18 |
| Message-ID: | 4FC71E0A.8070500@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2012-05-30 21:26, Kohei KaiGai wrote:
> If we would have an "ideal optimizer", I'd still like the optimizer to
> wipe out redundant clauses transparently, rather than RLSBYPASS
> permissions, because it just controls all-or-nothing stuff.
> For example, if tuples are categorized to unclassified, classified or
> secret, and RLS policy is configured as:
> ((current_user IN ('alice', 'bob') AND X IN ('unclassified',
> 'classified')) OR (X IN 'unclassified)),
> superuser can see all the tuples, and alice and bob can see
> up to classified tuples.
> Is it really hard to wipe out redundant condition at planner stage?
> If current_user is obviously 'kaigai', it seems to me the left-side of
> this clause can be wiped out at the planner stage.
The query's RLS policy would be simpler if the RLS policy function that
returns the WHERE clause would take the user as argument, so its result
does not contain user conditionals.
IF (current_user IN ('alice', 'bob')
THEN
RETURN X IN ('unclassified', 'classified'))
ELSE
RETURN X IN ('unclassified')
END IF;
regards,
Yeb
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2012-05-31 08:00:42 | Re: FailedAssertion("!(PrivateRefCount[i] == 0)", File: "bufmgr.c", Line: 1741 |
| Previous Message | Devrim GÜNDÜZ | 2012-05-31 06:21:03 | Re: Uppercase tab completion keywords in psql? |