Re: [v9.3] Row-Level Security

Florian G. Pflug <fgp@phlo.org>

From: Florian Pflug <fgp@phlo.org>
To: Kohei KaiGai <kaigai@kaigai.gr.jp>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Robert Haas <robertmhaas@gmail.com>, PgHacker <pgsql-hackers@postgresql.org>
Date: 2012-06-27T11:21:49Z
Lists: pgsql-hackers
On Jun27, 2012, at 07:18 , Kohei KaiGai wrote:
> The problem is the way to implement it.
> If we would have permission checks on planner stage, it cannot handle
> a case when user-id would be switched prior to executor stage, thus
> it needs something remedy to handle the scenario correctly.
> Instead of a unique plan per query, it might be a solution to generate
> multiple plans depending on user-id, and choose a proper one in
> executor stage.
> 
> Which type of implementation is what everybody is asking for?

I think you need to

 a) Determine the user-id at planning time, and insert the matching
    RLS clause

b1) Either re-plan the query if the user-id changes between planning
    and execution time, which means making the user-id a part of the
    plan-cache key.

b2) Or decree that for RLS purposes, it's the user-id at planning time,
    not execution time, that counts.

best regards,
Florian Pflug