On Tue, Oct 6, 2015 at 7:29 AM, Stephen Frost <sfr...@snowman.net> wrote:
> * Haribabu Kommi (kommi.harib...@gmail.com) wrote:
>> On Tue, Oct 6, 2015 at 10:56 AM, Haribabu Kommi
>> <kommi.harib...@gmail.com> wrote:
>> > Here I attached an updated version of the patch with the following changes.
>>
>> I found some problems related to providing multi-tenancy on a system
>> catalog view.
>> This is because, system catalog view uses the owner that is created
>> the user instead
>> of the current user by storing the user information in "checkAsUser"
>> field in RangeTblEntry
>> structure.
>
> Right, when querying through a view to tables underneath, we use the
> permissions of the view owner. View creators should be generally aware
> of this already.
>
> I agree that it adds complications to the multi-tenancy idea since the
> system views, today, allow viewing of all objects. There are two ways
> to address that:
>
> Modify the system catalog views to include the same constraints that the
> policies on the tables do
>
> or
>
> Allow RLS policies against views and then create the necessary policies
> on the views in the catalog.
>
> My inclination is to work towards the latter as that's a capability we'd
> like to have anyway.

We've got one reloption for views already - security_barrier. Maybe
we could have another one that effectively changes a particular view
from "security definer" as it is today to "security invoker".

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
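
The view-owner check discussed in this thread, as an added example that is not part of the thread or the patch: a view owned by the table owner returns rows that the row-level security policy would hide from the calling role. The role, table and view names are hypothetical, and the final statement assumes PostgreSQL 15 or later, where a view reloption named `security_invoker` exists.

```sql
-- Constructed demo; run as a role allowed to create roles.
-- tenant_a, tenant_b, docs and docs_v are hypothetical names.
CREATE ROLE tenant_a;
CREATE ROLE tenant_b;

CREATE TABLE docs (id int PRIMARY KEY, tenant name NOT NULL, body text);
INSERT INTO docs VALUES (1, 'tenant_a', 'row for a'),
                        (2, 'tenant_b', 'row for b');

-- Each tenant may only see rows labelled with its own role name.
ALTER TABLE docs ENABLE ROW LEVEL SECURITY;
CREATE POLICY docs_per_tenant ON docs
    FOR SELECT USING (tenant = current_user);
GRANT SELECT ON docs TO tenant_a, tenant_b;

-- The view is owned by the table owner. Access to docs through the
-- view is checked as that owner (checkAsUser), and the owner is not
-- subject to the policy on its own table.
CREATE VIEW docs_v AS SELECT id, tenant, body FROM docs;
GRANT SELECT ON docs_v TO tenant_a, tenant_b;

SET ROLE tenant_a;
-- Direct access: permissions and policy are evaluated for tenant_a.
SELECT id, tenant FROM docs ORDER BY id;
-- Through the view: evaluated for the view owner, so the policy
-- does not filter tenant_b's row.
SELECT id, tenant FROM docs_v ORDER BY id;
RESET ROLE;

-- PostgreSQL 15+ only: check the underlying table as the calling
-- role instead of the view owner, so docs_per_tenant applies again.
ALTER VIEW docs_v SET (security_invoker = true);

SET ROLE tenant_a;
SELECT id, tenant FROM docs_v ORDER BY id;
RESET ROLE;

-- Clean up the constructed objects.
DROP VIEW docs_v;
DROP TABLE docs;
DROP ROLE tenant_a;
DROP ROLE tenant_b;
```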