Re: [RFC] Interface of Row Level Security
| От | Kohei KaiGai |
|---|---|
| Тема | Re: [RFC] Interface of Row Level Security |
| Дата | |
| Msg-id | CADyhKSVG7nOjANkWmt1J80bbR=Z2xFtkegkbBXXGRkk1YCQHQQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [RFC] Interface of Row Level Security (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
2012/6/4 Tom Lane <tgl@sss.pgh.pa.us>: > Kohei KaiGai <kaigai@kaigai.gr.jp> writes: >> Here is two problems around RLSBYPASS. The first is we have >> no idea to handle invalidation of prepared-statement when current >> user is switched, right now. > > How is that specifically the fault of RLSBYPASS? *Any* of the schemes > you're proposing for inlined RLS checks will have problems with userID > switching. > Really? I don't find out a scenario that cause a problem with user-id switching in case when RLS policy is *unconditionally* appended then evaluated on executor stage. I'd like to see the scenario. > My guess is we'd have to treat the effective userID as part of the > plancache lookup key to make it safe to inline anything related to RLS. > It might be a solution, if we append individual RLS policy at the planner stage, depending on user-id. Thanks, -- KaiGai Kohei <kaigai@kaigai.gr.jp>
В списке pgsql-hackers по дате отправления: