| From: | Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Multi-tenancy with RLS |
| Date: | 2015-09-15 00:38:55 |
| Message-ID: | CAJrrPGe=sxuQ3GntNGUJHSstwMy+rv8hr3Oxe+a-vBtypMxgDQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Sep 11, 2015 at 7:50 AM, Joe Conway <mail(at)joeconway(dot)com> wrote:
> On 09/01/2015 11:25 PM, Haribabu Kommi wrote:
>> If any user is granted any permissions on that object then that user
>> can view it's meta data of that object from the catalog tables.
>> To check the permissions of the user on the object, instead of
>> checking each and every available option, I just added a new
>> privilege check option called "any". If user have any permissions on
>> the object, the corresponding permission check function returns
>> true. Patch attached for the same.
>>
>> Any thoughts/comments?
>
> Thanks for working on this! Overall I like the concept and know of use
> cases where it is critical and should be supported. Some comments:
Thanks for the review, I will take care of the comments in the next patch.
I didn't find any better approach other than creating policies automatically
or providing permission to superuser on system catalog tables. If everyone
feels as this is the best approach, then i will create policies for all catalog
tables in the next version.
Regards,
Hari Babu
Fujitsu Australia
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gavin Flower | 2015-09-15 01:39:46 | Re: [PROPOSAL] Covering + unique indexes. |
| Previous Message | Paul Jungwirth | 2015-09-14 23:18:39 | Re: Review: GiST support for UUIDs |