Re: [v9.3] Row-Level Security
| От | Florian Pflug |
|---|---|
| Тема | Re: [v9.3] Row-Level Security |
| Дата | |
| Msg-id | 45CAFA51-C0CE-481B-86B9-C383E22AD172@phlo.org обсуждение исходный текст |
| Ответ на | Re: [v9.3] Row-Level Security (Kohei KaiGai <kaigai@kaigai.gr.jp>) |
| Ответы |
Re: [v9.3] Row-Level Security
Re: [v9.3] Row-Level Security |
| Список | pgsql-hackers |
On Jun27, 2012, at 07:18 , Kohei KaiGai wrote: > The problem is the way to implement it. > If we would have permission checks on planner stage, it cannot handle > a case when user-id would be switched prior to executor stage, thus > it needs something remedy to handle the scenario correctly. > Instead of a unique plan per query, it might be a solution to generate > multiple plans depending on user-id, and choose a proper one in > executor stage. > > Which type of implementation is what everybody is asking for? I think you need to a) Determine the user-id at planning time, and insert the matching RLS clause b1) Either re-plan the query if the user-id changes between planning and execution time, which means making the user-ida part of the plan-cache key. b2) Or decree that for RLS purposes, it's the user-id at planning time, not execution time, that counts. best regards, Florian Pflug
В списке pgsql-hackers по дате отправления: