| From: | Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Multi-tenancy with RLS |
| Date: | 2015-10-05 23:56:40 |
| Message-ID: | CAJrrPGfALML3ZpB3aqbnxGRmy8a3UTDH6DSE=bGCgRNzW__fgA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Sep 11, 2015 at 7:50 AM, Joe Conway <mail(at)joeconway(dot)com> wrote:
> On 09/01/2015 11:25 PM, Haribabu Kommi wrote:
>> If any user is granted any permissions on that object then that user
>> can view it's meta data of that object from the catalog tables.
>> To check the permissions of the user on the object, instead of
>> checking each and every available option, I just added a new
>> privilege check option called "any". If user have any permissions on
>> the object, the corresponding permission check function returns
>> true. Patch attached for the same.
>>
>> Any thoughts/comments?
>
> Thanks for working on this! Overall I like the concept and know of use
> cases where it is critical and should be supported. Some comments:
Here I attached an updated version of the patch with the following changes.
Two options to the user to create catalog security on system catalog tables.
./initdb -C -D data
With the above option during initdb, the catalog security is enabled
on all shared system catalog
tables. With this way the user can achieve the catalog security at
database level. For some users
this may be enough. Currently enabling catalog security is supported
only at initdb.
ALTER DATABASE <database> WITH CATALOG SECURITY=true;
ALTER DATABASE <database> WITH CATALOG SECURITY=false;
With the above commands, user can enable/disable catalog security on a
database system catalog
tables if multi-tenancy requires at table level.
Currently setting catalog security at create database command is not
supported. And also with
alter database command to enable/disable to database where the backend
is not connected.
This is because of a restriction to execute the policy commands
without connecting to a database.
Pending things needs to be taken care:
1. select * from tenancy_user1_tbl1;
ERROR: permission denied for relation tenancy_user1_tbl1
As we are not able to see the above user table in any catalog relation
because of the multi-tenancy policies,
but if user tries to select the data of the table directly, The error
message comes as permission denied, I feel
instead of the permission denied error, in case of multi-tenancy is
enabled, the error message should be
"relation doesn't exist".
2. Correct all catalog relation policies
3. Add regression tests for all system catalog relations and views.
4. Documentation changes
Any comments?
Regards,
Hari Babu
Fujitsu Australia
| Attachment | Content-Type | Size |
|---|---|---|
| multi-tenancy_with_rls_poc_3.patch | application/octet-stream | 78.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2015-10-06 01:19:51 | Re: Shouldn't CREATE TABLE LIKE copy the relhasoids property? |
| Previous Message | Alvaro Herrera | 2015-10-05 18:14:44 | Re: factor out encoding dependent json/jsonb regression tests |