[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Row-level security?
- Subject: Re: Row-level security?
- From: Chris Travers <..hidden..>
- Date: Tue, 10 Feb 2009 16:41:34 -0800
On Tue, Feb 10, 2009 at 4:09 PM, Josh Berkus <..hidden..> wrote:
> Chris Travers wrote:
>> On Tue, Feb 10, 2009 at 1:36 PM, Roderick A. Anderson <..hidden..> wrote:
>>> I understand that 1.3 (or maybe 1.4) will have access to tables
>>> controlled via a role. (Did I state that correctly?).
>>>
>>> While doing some searching I read that row-level security wasn't going
>>> to be available in PostgreSQL until 8.5.
>
> That's correct. There are a lot of very problematic issues around
> row-level security (not the least of which is Foriegn Keys) which we
> were not able to work out in time for 8.4.
>
> You can, of course, continue to use VIEWs to implement row-level
> security. However, trying to do that for a variety of ROLEs is somewhat
> difficult ... especially since auto-updatable VIEWs also didn't make the
> cut for 8.4. I recommend a function-based API.
What I have done in the past is to create a view and a shadow-table,
and the view calls a function for each row that checks permissions.
Views used in this way don't have to be messy.
Best Wishes,
Chris Travers