On Fri, Aug 14, 2015 at 12:00 PM, Haribabu Kommi <kommi.harib...@gmail.com> wrote: > > Here I attached the proof concept patch.
Here I attached an updated patch by adding policies to the most of the system catalog tables, except the following. AggregateRelationId AccessMethodRelationId AccessMethodOperatorRelationId AccessMethodProcedureRelationId AuthMemRelationId CastRelationId EnumRelationId EventTriggerRelationId ExtensionRelationId LargeObjectRelationId LargeObjectMetadataRelationId PLTemplateRelationId RangeRelationId RewriteRelationId TransformRelationId TSConfigRelationId TSConfigMapRelationId TSDictionaryRelationId TSParserRelationId TSTemplateRelationId Following catalog tables needs to create the policy based on the class, so currently didn't added any policy for the same. SecLabelRelationId SharedDependRelationId SharedDescriptionRelationId SharedSecLabelRelationId If any user is granted any permissions on that object then that user can view it's meta data of that object from the catalog tables. To check the permissions of the user on the object, instead of checking each and every available option, I just added a new privilege check option called "any". If user have any permissions on the object, the corresponding permission check function returns true. Patch attached for the same. Any thoughts/comments? Regards, Hari Babu Fujitsu Australia
multi-tenancy_with_rls_poc_2.patch
Description: Binary data
any_privilege_check_option.patch
Description: Binary data
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers