[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Row-level security?

Subject: Re: Row-level security?
From: "Roderick A. Anderson" <..hidden..>
Date: Tue, 10 Feb 2009 17:36:02 -0800

Chris Travers wrote:

On Tue, Feb 10, 2009 at 4:09 PM, Josh Berkus <..hidden..> wrote:

Chris Travers wrote:

On Tue, Feb 10, 2009 at 1:36 PM, Roderick A. Anderson <..hidden..> wrote:

I understand that 1.3 (or maybe 1.4) will have access to tables
controlled via a role.  (Did I state that correctly?).

While doing some searching I read that row-level security wasn't going
to be available in PostgreSQL until 8.5.

That's correct.  There are a lot of very problematic issues around
row-level security (not the least of which is Foriegn Keys) which we
were not able to work out in time for 8.4.

You can, of course, continue to use VIEWs to implement row-level
security.  However, trying to do that for a variety of ROLEs is somewhat
difficult ... especially since auto-updatable VIEWs also didn't make the
cut for 8.4.  I recommend a function-based API.



What I have done in the past is to create a view and a shadow-table,
and the view calls a function for each row that checks permissions.
Views used in this way don't have to be messy.


Chris, Josh thanks.

It isn't an application that needs to be super secure but it made senseto define/do it right the first time. But I'll probably go with aVIEW/Controller hybrid to get it out the door. Fortunately it will bean internal application. :-)



Rod
--


Best Wishes,
Chris Travers

------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel

References:
- Row-level security?
  - From: Roderick A. Anderson
- Re: Row-level security?
  - From: Chris Travers
- Re: Row-level security?
  - From: Josh Berkus
- Re: Row-level security?
  - From: Chris Travers

Prev by Date: Re: Row-level security?
Next by Date: LedgerSMB website
Previous by thread: Re: Row-level security?
Next by thread: LedgerSMB website
Index(es):
- Date
- Thread