Re: Improving RLS planning
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2016-10-26T17:20:53Z
Lists: pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes: > This might work for RLS policies, if they can only reference a single > table, but I can't see how it's going to work for security barrier > views. For example, consider CREATE VIEW v WITH (security_barrier) AS > SELECT * FROM x, y WHERE x.a = y.a followed by SELECT * FROM v WHERE > leak(somefield). somefield is necessarily coming from either x or y, > and you can't let it be passed to leak() except for rows where the > join qual has been satisfied. Right, so quals from above the SB view would have to not be allowed to drop below the join level (but they could fall *to* the join level, where they'd be applied after the join's own quals). I mentioned that in the part of the message you cut. I don't have a detailed design yet but it seems possible, and I expect it to be a lot simpler than the Rube Goldberg design we've got for SB views now. regards, tom lane
Commits
-
Improve RLS planning by marking individual quals with security levels.
- 215b43cdc8d6 10.0 landed