* Haribabu Kommi (kommi.harib...@gmail.com) wrote:
> On Tue, Oct 6, 2015 at 10:56 AM, Haribabu Kommi
> <kommi.harib...@gmail.com> wrote:
> > Here I attached an updated version of the patch with the following changes.
>
> I found some problems related to providing multi-tenancy on a system
> catalog view.
> This is because, system catalog view uses the owner that is created
> the user instead of the current user by storing the user information
> in "checkAsUser" field in RangeTblEntry structure.

Right, when querying through a view to tables underneath, we use the
permissions of the view owner.  View creators should be generally aware
of this already.

I agree that it adds complications to the multi-tenancy idea since the
system views, today, allow viewing of all objects.  There are two ways
to address that:

Modify the system catalog views to include the same constraints that the
policies on the tables do

or

Allow RLS policies against views and then create the necessary policies
on the views in the catalog.

My inclination is to work towards the latter as that's a capability we'd
like to have anyway.

Thanks!

Stephen
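
The view-owner permission check discussed in this message, shown on an ordinary table as an added example that is not part of the original thread or the patch. The schema, roles and view names are hypothetical, and it assumes a superuser session in a scratch database on PostgreSQL 9.5 or later.

```sql
-- Constructed demo objects; every name here is hypothetical.
CREATE ROLE demo_owner;
CREATE ROLE tenant_a;
CREATE ROLE tenant_b;
CREATE SCHEMA demo AUTHORIZATION demo_owner;
GRANT USAGE ON SCHEMA demo TO tenant_a, tenant_b;

SET ROLE demo_owner;
CREATE TABLE demo.items (tenant name NOT NULL, item text NOT NULL);
INSERT INTO demo.items VALUES ('tenant_a', 'a-1'), ('tenant_b', 'b-1');

-- Each tenant may only see its own rows when reading the table directly.
ALTER TABLE demo.items ENABLE ROW LEVEL SECURITY;
CREATE POLICY tenant_only ON demo.items
    FOR SELECT USING (tenant = current_user);
GRANT SELECT ON demo.items TO tenant_a, tenant_b;

-- Plain view: the table underneath is checked as the view owner
-- (demo_owner), who owns the table and is exempt from its policies.
CREATE VIEW demo.items_v AS
    SELECT tenant, item FROM demo.items;

-- First option from the message: repeat the policy's constraint in the
-- view itself. current_user is still the calling role inside a view.
-- security_barrier keeps user-supplied functions from being evaluated
-- ahead of the view's own WHERE clause.
CREATE VIEW demo.items_v_filtered WITH (security_barrier) AS
    SELECT tenant, item FROM demo.items
    WHERE tenant = current_user;

GRANT SELECT ON demo.items_v, demo.items_v_filtered TO tenant_a, tenant_b;
RESET ROLE;

SET ROLE tenant_a;
SELECT * FROM demo.items;             -- policy applies: tenant_a's row only
SELECT * FROM demo.items_v;           -- checked as view owner: both rows
SELECT * FROM demo.items_v_filtered;  -- constraint in the view: tenant_a's row only
RESET ROLE;

-- Clean up the scratch objects.
DROP SCHEMA demo CASCADE;
DROP ROLE tenant_a, tenant_b, demo_owner;
```

The second `SELECT` is the behaviour the system catalog views show in the multi-tenancy case: the policy on the table never sees the calling role.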