Re: [PATCH] Add reloption for views to enable RLS

From: Christoph Heiss <christoph(dot)heiss(at)cybertec(dot)at>
To: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-hackers(at)postgresql(dot)org
Cc: Hans-Jürgen Schönig <hs(at)cybertec(dot)at>
Subject: Re: [PATCH] Add reloption for views to enable RLS
Date: 2022-01-18 15:16:53
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Hi Laurenz,

thanks for the review!
I've attached a v2 where I addressed the things you mentioned.

On 1/11/22 19:59, Laurenz Albe wrote:
> [..]
> You made that an enum with only a single value.
> What other values could you imagine in the future?
> I think that this should be a boolean reloption, for example "security_definer".
> If unset or set to "off", you would get the current behavior.

A boolean option would have been indeed the better choice, I agree.
I haven't though of any specific other values for this enum, it was
rather a decision following a off-list discussion.

I've changed the option to be boolean and renamed it to
"security_invoker". This puts it in line with how other systems (e.g.
MySQL) name their equivalent feature, so I think this should be an
appropriate choice.

>> Finally, patch 0003 updates the documentation for this new reloption.
> [..]
> Please avoid long lines like that.


> Also, I don't think that the documentation on
> RLS policies is the correct place for this. It should be on a page dedicated to views
> or permissions.
> The CREATE VIEW page already has a paragraph about this, starting with
> "Access to tables referenced in the view is determined by permissions of the view owner."
> This looks like the best place to me (and it would need to be adapted anyway).
It makes sense to put it there, thanks for the pointer! I wasn't really
that sure where to put the documentation to start with, and this seems
like a more appropriate place.

Please review further.

Christoph Heiss

Attachment Content-Type Size
0001-PATCH-v2-1-3-Add-new-boolean-reloption-security_invo.patch text/x-patch 10.1 KB
0002-PATCH-v2-2-3-Add-regression-tests-for-new-security_i.patch text/x-patch 12.7 KB
0003-PATCH-v2-3-3-Add-documentation-for-new-security_invo.patch text/x-patch 4.0 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2022-01-18 15:24:24 Re: Replace uses of deprecated Python module distutils.sysconfig
Previous Message Robert Haas 2022-01-18 15:04:56 Re: Refactoring of compression options in pg_basebackup