Re: Review of Row Level Security
| От | Robert Haas |
|---|---|
| Тема | Re: Review of Row Level Security |
| Дата | |
| Msg-id | CA+Tgmoa99TWKgOqDuJMd71K_usrUJMAYPacgXK19gLzinR2-0Q@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Review of Row Level Security ("Kevin Grittner" <kgrittn@mail.com>) |
| Список | pgsql-hackers |
On Thu, Dec 20, 2012 at 4:50 PM, Kevin Grittner <kgrittn@mail.com> wrote: > I don't think I like ALTER TABLE as a syntax for row level > security. How about using existing GRANT syntax but allowing a > WHERE clause? That seems more natural to me, and it would make it > easy to apply the same conditions to multiple types of operations > when desired, but use different expressions when desired. Without > having spent a lot of time pondering it, I think that if row level > SELECT permissions exist, they would need to be met on the OLD > tuple to allow DELETE or UPDATE, and UPDATE row level permissions > would be applied to the NEW tuple. This gets thorny if a role inherits from multiple roles each having a different RLS predicate. You can OR them together, but performance will likely suck. I initially thought of this as well, but I think it's just too ugly to live. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
В списке pgsql-hackers по дате отправления: