Re: Row-security on updatable s.b. views

From: Craig Ringer <craig(at)2ndquadrant(dot)com>
To: Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>
Cc: Gregory Smith <gregsmithpgsql(at)gmail(dot)com>, Greg Stark <stark(at)mit(dot)edu>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Row-security on updatable s.b. views
Date: 2014-01-30 08:05:25
Message-ID: 52EA07C5.3040609@2ndquadrant.com
Lists: pgsql-hackers

On 01/30/2014 01:25 PM, Craig Ringer wrote:
> On 01/29/2014 09:47 PM, Craig Ringer wrote:
>> https://github.com/ringerc/postgres/compare/rls-9.4-upd-sb-views
>>
>> i.e. https://github.com/ringerc/postgres.git ,
>> branch rls-9.4-upd-sb-views
>>
>> (subject to rebasing) or the non-rebased tag rls-9.4-upd-sb-views-v2
>
> Pushed an update to the branch. New update tagged
> rls-9.4-upd-sb-views-v3 . Fixes an issue with rowmarking that stems from
> the underlying updatable s.b. views patch.
>
> Other tests continue to fail, this isn't ready yet.

Specifically:

- Needs checks in AT INHERITS, AT SET ROW SECURITY, and CT INHERITS to
prohibit any combination of inheritance and row-security, per:

http://www.postgresql.org/message-id/52EA01C3.70804@2ndquadrant.com

- row-security rule recursion detection isn't solved yet, it just
overflows the stack.

- COPY doesn't know anything about row-security

- I'm just starting to chase some odd errors in the tests, "ERROR:
failed to find unique expression in subplan tlist" and "ERROR: could
not open file "base/16384/30070": No such file or directory". Their
cause/origin is not yet known, but they're specific to when row-security
policy is being applied.

- policies based on current_user don't "remember" current_user when rows
are pulled from refcursor returned by a security definer function.

There is a chunk of work here. Anybody who wants row-security to happen
for 9.4, please pick something and pitch in.

(Or we could just decide that my rebased and tweaked version of KaiGai's
original patch, internal query structure twiddling aside, is the best way
forward after all. That leaves only the last item to deal with.)

--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
