Re: Review of Row Level Security
Kohei KaiGai <kaigai@kaigai.gr.jp>
From: Kohei KaiGai <kaigai@kaigai.gr.jp>
To: Stephen Frost <sfrost@snowman.net>
Cc: Kevin Grittner <kgrittn@mail.com>, Simon Riggs <simon@2ndquadrant.com>, Tom Lane <tgl@sss.pgh.pa.us>, Robert Haas <robertmhaas@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2012-12-22T05:18:24Z
Lists: pgsql-hackers
2012/12/21 Stephen Frost <sfrost@snowman.net>: >> It seems to me we need some more discussion about design and >> implementation on row-security checks of writer-side, to reach our >> consensus. > > Again, I agree with Kevin on this- there should be a wiki or similar > which actually outlines the high-level design, syntax, etc. That would > help us understand and be able to meaningfully comment about the > approach. > I also. RLS entry of wiki has not been updated for long time, I'll try to update the entry for high-level design in a couple of days. >> On the other hand, we are standing next to the consensus about >> reader-side; a unique row-security policy (so, first version does not >> support per-command policy) shall be checked on table scanning >> on select, update or delete commands. > > I don't feel that we've really reached a consensus about the > 'reader-side' implemented in this patch- rather, we've agreed (at a > pretty high level) what the default impact of RLS for SELECT queries is. > While I'm glad that we were able to do that, I'm rather dismayed that it > took a great deal of discussion to get to that point. > > Thanks, > > Stephen -- KaiGai Kohei <kaigai@kaigai.gr.jp>