| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com> |
| Cc: | Joe Conway <mail(at)joeconway(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Multi-tenancy with RLS |
| Date: | 2015-10-06 11:29:04 |
| Message-ID: | 20151006112904.GK3685@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Haribabu Kommi (kommi(dot)haribabu(at)gmail(dot)com) wrote:
> On Tue, Oct 6, 2015 at 10:56 AM, Haribabu Kommi
> <kommi(dot)haribabu(at)gmail(dot)com> wrote:
> > Here I attached an updated version of the patch with the following changes.
>
> I found some problems related to providing multi-tenancy on a system
> catalog view.
> This is because, system catalog view uses the owner that is created
> the user instead
> of the current user by storing the user information in "checkAsUser"
> field in RangeTblEntry
> structure.
Right, when querying through a view to tables underneath, we use the
permissions of the view owner. View creators should be generally aware
of this already.
I agree that it adds complications to the multi-tenancy idea since the
system views, today, allow viewing of all objects. There are two ways
to address that:
Modify the system catalog views to include the same constraints that the
policies on the tables do
or
Allow RLS policies against views and then create the necessary policies
on the views in the catalog.
My inclination is to work towards the latter as that's a capability we'd
like to have anyway.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kyotaro HORIGUCHI | 2015-10-06 11:35:06 | Re: [Proposal] Table partition + join pushdown |
| Previous Message | Syed, Rahila | 2015-10-06 10:47:17 | Re: [PROPOSAL] VACUUM Progress Checker. |