
Re: Row-level security?



On Tue, Feb 10, 2009 at 4:09 PM, Josh Berkus <..hidden..> wrote:
> Chris Travers wrote:
>> On Tue, Feb 10, 2009 at 1:36 PM, Roderick A. Anderson <..hidden..> wrote:
>>> I understand that 1.3 (or maybe 1.4) will have access to tables
>>> controlled via a role.  (Did I state that correctly?).
>>>
>>> While doing some searching I read that row-level security wasn't going
>>> to be available in PostgreSQL until 8.5.
>
> That's correct.  There are a lot of very problematic issues around
> row-level security (not the least of which is Foreign Keys) which we
> were not able to work out in time for 8.4.
>
> You can, of course, continue to use VIEWs to implement row-level
> security.  However, trying to do that for a variety of ROLEs is somewhat
> difficult ... especially since auto-updatable VIEWs also didn't make the
> cut for 8.4.  I recommend a function-based API.


What I have done in the past is to create a view and a shadow-table,
and the view calls a function for each row that checks permissions.
Views used in this way don't have to be messy.

Best Wishes,
Chris Travers
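
The view-plus-shadow-table pattern described in the message above, sketched in PostgreSQL SQL as an added example; it is not code from any participant in this thread. All table, view and function names are hypothetical, and the `security_barrier` option assumes PostgreSQL 9.2 or later, which postdates this thread.

```sql
-- Constructed example; every object name here is hypothetical.
-- Shadow table: holds the real rows, never granted to ordinary roles.
CREATE TABLE invoice_data (
    id     serial  PRIMARY KEY,
    owner  name    NOT NULL DEFAULT session_user,
    amount numeric NOT NULL
);

-- Extra per-row grants beyond the owner.
CREATE TABLE invoice_acl (
    invoice_id integer NOT NULL REFERENCES invoice_data (id),
    grantee    name    NOT NULL,
    PRIMARY KEY (invoice_id, grantee)
);

-- Per-row check. SECURITY DEFINER lets it read invoice_acl on behalf of
-- callers who have no rights on that table. Inside such a function
-- current_user is the function owner, so the caller is taken from
-- session_user (which SET ROLE does not change).
CREATE FUNCTION can_see_invoice(p_id integer, p_owner name)
RETURNS boolean
LANGUAGE sql STABLE SECURITY DEFINER
SET search_path = public, pg_temp   -- pin lookup path for definer code
AS $$
    SELECT p_owner = session_user
        OR EXISTS (SELECT 1
                     FROM invoice_acl a
                    WHERE a.invoice_id = p_id
                      AND a.grantee = session_user);
$$;

-- The view is the only object users query. It reads invoice_data with
-- the view owner's rights, and security_barrier makes the planner apply
-- the permission check before any caller-supplied predicate sees a row.
CREATE VIEW invoice WITH (security_barrier) AS
    SELECT d.id, d.owner, d.amount
      FROM invoice_data d
     WHERE can_see_invoice(d.id, d.owner);

-- Explicitly keep the base tables closed; expose only the view.
-- EXECUTE on can_see_invoice stays with PUBLIC because users of a view
-- need permission to call the functions it uses.
REVOKE ALL ON invoice_data, invoice_acl FROM PUBLIC;
GRANT SELECT ON invoice TO PUBLIC;
```

Writes are not covered here; in line with the function-based API recommended in the quoted reply, they would go through separate functions that apply the same check.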