Re: [RFC] Interface of Row Level Security
| От | Florian Pflug |
|---|---|
| Тема | Re: [RFC] Interface of Row Level Security |
| Дата | |
| Msg-id | E8D3F853-5C0E-4403-A326-BB77AE78028B@phlo.org обсуждение исходный текст |
| Ответ на | Re: [RFC] Interface of Row Level Security (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
On May29, 2012, at 16:34 , Robert Haas wrote: > One idea might be to have a grantable permission that permits the RLS > policy to be bypassed. So, if a user has only SELECT permission, they > can select from the table, but the RLS policy will apply. If they > have both SELECT and RLSBYPASS (probably not what we really want to > call it) permission, then they can select from the table and the RLS > policy will be skipped. This means that superusers automatically skip > all RLS policies (which seems right) and table owners skip them by > default (but could revoke their own privileges) and other people can > skip them if the table owner (or the superuser) grants them the > appropriate privilege on the table involved. I like it. Seems to support all use-cases I can come up with, and extends existing privilege semantics in a natural way. best regards, Florian Pflug
В списке pgsql-hackers по дате отправления: