Skip site navigation (1) Skip section navigation (2)

Re: [v9.3] Row-Level Security

From: Florian Pflug <fgp(at)phlo(dot)org>
To: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [v9.3] Row-Level Security
Date: 2012-06-27 15:58:47
Message-ID: DFBBD1D7-68C0-4364-BF02-AFA56BEA8AF6@phlo.org (view raw or flat)
Thread:
Lists: pgsql-hackers
On Jun27, 2012, at 15:07 , Kohei KaiGai wrote:
> Probably, PlannedStmt->invalItems allows to handle invalidation of
> plan-cache without big code changes. I'll try to put a flag of user-id
> to track the query plan with RLS assumed, or InvalidOid if no RLS
> was applied in this plan.
> I'll investigate the implementation for more details.
> 
> Do we have any other scenario that run a query plan under different
> user privilege rather than planner stage?

Hm, what happens if a SECURITY DEFINER functions returns a refcursor?

Actually, I wonder how we handle that today. If the executor is
responsible for permission checks, that wouldn't we apply the calling
function's privilege level in that case, at least of the cursor isn't
fetched from in the SECURITY DEFINER function? If I find some time,
I'll check...

best regards,
Florian Pflug


In response to

Responses

pgsql-hackers by date

Next:From: Andres FreundDate: 2012-06-27 16:10:31
Subject: Re: [COMMITTERS] pgsql: Move WAL continuation record information to WAL page header.
Previous:From: Fujii MasaoDate: 2012-06-27 15:55:27
Subject: Re: Regarding WAL Format Changes

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group