Virtual Private Database

From: Jean-Gérard Pailloncy <jg(at)rilk(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Virtual Private Database
Date: 2010-04-10 14:00:07
Message-ID: 8a83b6ac17263315e0c2cc07c65eb0ab.squirrel@webmail.rilk.com
Lists: pgsql-hackers
Hello,

1) VPD: Virtual Private Database
I would appreciate having a new feature in PostgreSQL.
This is an Oracle-like feature that implements "Row Level Security".
This feature may be emulated by using VIEW/RULE but this is very time
consuming and error prone.

I would appreciate having an estimate of the feasibility and the cost
to implement it.

2) Description
The feature may be implemented with a simple expression associated with the
table.

ALTER TABLE table_name ADD FILTER filter_name CHECK(expression);
ALTER TABLE table_name DROP FILTER filter_name;

Usage/example:
ALTER TABLE filtered_table ADD FILTER tf_username
CHECK(filtered_table.creator=user);
SELECT * FROM filtered_table;
will really do
SELECT * FROM filtered_table WHERE filtered_table.creator=user;

Same thing for INSERT, UPDATE, and DELETE

UPDATE filtered_table SET b_column=1 WHERE a_column='a';
will really do
UPDATE filtered_table SET b_column=1 WHERE a_column='a' and
filtered_table.creator=user;

In practice, the devs will create a few functions: my_login, my_logout,
my_filter
and the simple "filtered_table.creator=user" will be replaced by ACL
encapsulated in the function my_filter and add a trigger to check data on
INSERT, UPDATE.
We could use veil to build a very efficient filter.

3) Question
- Is it doable?
- Is it the sound way of doing it?
- Is it possible to have it in core?
- Is there a pgsql dev interested in implementing it?
- Are there other people interested in such a feature?
- How much will this cost?
- With which delay?


Cordialement,
Jean-Gérard Pailloncy
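
The view-plus-trigger emulation that the message calls time consuming and error prone, written out for its filtered_table example. This is an added example, not part of the original post or PostgreSQL's own code. The view, function and trigger names are assumptions, and it relies on security_barrier views (PostgreSQL 9.2) being updatable (9.4), both of which postdate the message.

```sql
-- Constructed schema: table and column names follow the post's example.
CREATE TABLE filtered_table (
    a_column text,
    b_column integer,
    creator  name NOT NULL DEFAULT current_user
);

-- Ordinary users get no rights on the base table, only on the view below.
REVOKE ALL ON filtered_table FROM PUBLIC;

-- The view carries the predicate the post wants attached to the table.
-- security_barrier stops functions in a caller's WHERE clause from being
-- evaluated on rows that the filter has not yet removed.
-- current_user is evaluated as the role running the query, not the view owner.
CREATE VIEW filtered_table_v WITH (security_barrier) AS
    SELECT a_column, b_column, creator
    FROM filtered_table
    WHERE creator = current_user;

GRANT SELECT, INSERT, UPDATE, DELETE ON filtered_table_v TO PUBLIC;

-- The view filter only limits which rows are visible to SELECT, UPDATE
-- and DELETE. Without a write-side check, a user could still INSERT a row
-- owned by someone else or UPDATE creator to hand a row away, so the
-- trigger the post mentions enforces the same predicate on new row values.
CREATE FUNCTION filtered_table_check_creator() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    IF NEW.creator IS DISTINCT FROM current_user THEN
        RAISE EXCEPTION 'creator must be %', current_user;
    END IF;
    RETURN NEW;
END;
$$;

CREATE TRIGGER filtered_table_creator_check
    BEFORE INSERT OR UPDATE ON filtered_table
    FOR EACH ROW EXECUTE PROCEDURE filtered_table_check_creator();
```

Every protected table needs its own view, grants and trigger kept in sync, and any direct grant on the base table bypasses the read filter entirely.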

