Re: Multi-tenancy with RLS

From: Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Joe Conway <mail(at)joeconway(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Multi-tenancy with RLS
Date: 2016-07-19 06:42:52
Message-ID: CAJrrPGcaD=+222KRkTWnmA_h=A+Fm1Q925Y-LVjNgAcMPKDQ_w@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi All,

Here I attached new set of patches related to supporting of multi tenancy.
All the existing old patches are just rebased to latest master.

A new patch is added to address the pg_dump problem of dumping the data
based on the visibility after applying catalog row level security policies.

A new GUC catalog_row_level_security option is added, this option is
ON by default
and it will be set to OFF by pg_dump whenever --disable-catalog-row-security is
passed as an option to pg_dump. I didn't add this option to pg_restore similar
like --enable-row-security as I don't find a need for the same. By
default pg_dump
dumps the data that is visible to the user, whenever the catalog_row_security is
disabled and there exists some row level security policies, an error
is thrown similar
like row_security.

The above changes are based on my understanding to the discussion occurred in
this mail. In case if I miss anything, please let me know, i will
correct the same.

Regards,
Hari Babu
Fujitsu Australia

Attachment Content-Type Size
5_pgdump_new_row_security_option_v1.patch application/octet-stream 7.6 KB
1_any_privilege_option_v1.patch application/octet-stream 5.3 KB
2_view_security_definer_v1.patch application/octet-stream 12.9 KB
3_shared_catalog_tenancy_v1.patch application/octet-stream 20.9 KB
4_database_catalog_tenancy_v1.patch application/octet-stream 92.6 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Haribabu Kommi 2016-07-19 06:59:12 Any need of GRANT/REVOKE CREATE TABLE | POLICY | ETC
Previous Message Michael Paquier 2016-07-19 05:13:36 Re: [BUG] pg_basebackup from disconnected standby fails