Re: Improving RLS planning

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Dean Rasheed <dean.a.rasheed@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2016-11-11T14:45:20Z
Lists: pgsql-hackers
* Dean Rasheed (dean.a.rasheed@gmail.com) wrote:
> On 10 November 2016 at 17:12, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > Yeah, I think we'd be best off to avoid the bare term "security".
> > It's probably too late to change the RTE field name "securityQuals",
> > but maybe we could uniformly call those "security barrier quals" in
> > the comments.  Then the basic terminology is that we have security
> > barrier views and row-level security both implemented on top of
> > security barrier quals, and we should be careful to use the right
> > one of those three terms in comments/documentation.
> 
> +1 for that terminology and no renaming of fields.

Agreed.

Thanks!

Stephen

Commits

  1. Improve RLS planning by marking individual quals with security levels.