Re: [PATCH] Add reloption for views to enable RLS
Christoph Heiss <christoph.heiss@cybertec.at>
From: Christoph Heiss <christoph.heiss@cybertec.at>
To: walther@technowledgy.de, Laurenz Albe <laurenz.albe@cybertec.at>,
pgsql-hackers@postgresql.org
Cc: Hans-Jürgen Schönig <hs@cybertec.at>
Date: 2022-02-15T12:02:29Z
Lists: pgsql-hackers
Attachments
- v7-0001-Add-new-boolean-reloption-security_invoker-to-vie.patch (text/x-patch) patch v7-0001
Hi, On 2/15/22 09:37, walther@technowledgy.de wrote: > Christoph Heiss: >>> xxx_owner=true would be the default and xxx_owner=false could be set >>> explicitly to get the behavior we are looking for in this patch? >> >> I'm not sure if an option which is on by default would be best, IMHO. >> I would rather have an off-by-default option, so that you explicitly >> have to turn *on* that behavior rather than turning *off* the current. > > Just out of curiosity I asked myself whether there were any other > boolean options that default to true in postgres - and there are plenty. > ./configure options, client connection settings, server config options, > etc - but also some SQL statements: > - CREATE USER defaults to LOGIN > - CREATE ROLE defaults to INHERIT > - CREATE COLLATION defaults to DETERMINISTIC=true > > There's even reloptions, that do, e.g. vacuum_truncate. Knowing that I happily drop my objection about that. :^) > [..] The more I think about it, the more it becomes clear that > really the current default behavior of "running the query as the view > owner" is the special thing here, not the behavior you are introducing. > > If we were to start from scratch, it would be pretty obvious - to me - > that run_as_owner=false would be the default, and the run_as_owner=true > would need to be turned on explicitly. I'm thinking about "run_as_owner" > as the better design and "defaults to true" as a backwards compatibility > thing. Right, if we treat that as a kind of "backwards-compatible" feature, having an reloption that is on by default makes sense. I converted the option to run_as_owner=true|false in the attached v7. It now definitely seems like the right way to move forward and getting more feedback. Thanks, Christoph Heiss
Commits
-
Add support for security invoker views.
- 7faa5fc84bf4 15.0 landed
-
Replace use of deprecated Python module distutils.sysconfig
- e0e567a10672 15.0 cited