Re: [v9.4] row level security

From: Craig Ringer <craig(at)2ndquadrant(dot)com>
To: Gregory Smith <gregsmithpgsql(at)gmail(dot)com>, Greg Stark <stark(at)mit(dot)edu>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, "ktm(at)rice(dot)edu" <ktm(at)rice(dot)edu>, Alexander Korotkov <aekorotkov(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, jeff(dot)mccormick(at)crunchydatasolutions(dot)com
Subject: Re: [v9.4] row level security
Date: 2014-01-20 06:15:13
Message-ID: 52DCBEF1.3010004@2ndquadrant.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 01/20/2014 09:58 AM, Craig Ringer wrote:
> As it is I'm spending today reworking the RLS patch on top of the new
> approach to updatable security barrier views.

To get that rolling I've split the RLS patch up into chunks, so we can
argue about the catalogs, ALTER syntax, and the actual row-filtering
implementation separately ;-)

It's currently on git(at)github(dot)com:ringerc/postgres.git in the branch
rls-9.4-split, which is subject to rebasing. I'm still going through it
making sure each chunk at least compiles and preferably passes "make
check".

The first version is on the tag rls-9.4-split-v1, which will remain
static and contains an initial patch-split. The patch series for this
version is attached.

This is a clean tree on top of today's git master, it's not descended
from KaiGai's / Greg's trees. That means it doesn't track RLS's
development details, merge commits, etc. It's just a multi-stage patch
merge of RLS on top of master.

Hopefully it'll be a useful working point. If you omit "guts" commit:

RLS: Enforce row-security by transforming query plans

you'll get the skeleton of the catalogs and and supporting commands
without the actual planner/optimizer changes, forming the useful basis
for rebuilding RLS on top of Dean's updatable s.b. views patch.

I'm going through the patch series to make sure the split is consistent
and each piece at least builds by its self, then I'm going to rip out
the above-mentioned commit and rework it on top of the updatable
security barriers code.

--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

Attachment Content-Type Size
0001-RLS-Make-plan-caching-dependent-on-user-ID.patch text/x-patch 5.3 KB
0002-RLS-add-pg_rowsecurity-catalog.patch text/x-patch 25.1 KB
0003-RLS-Add-rowsec_relid-to-ResultRelInfo.patch text/x-patch 4.4 KB
0004-Add-ALTER-TABLE-commands-for-row-security.patch text/x-patch 13.4 KB
0005-RLS-pg_dump-support-for-dumping-rowsecurity-catalogs.patch text/x-patch 13.9 KB
0006-RLS-psql-support-for-reporting-row-security-constrai.patch text/x-patch 1.4 KB
0007-RLS-Enforce-row-security-by-transforming-query-plans.patch text/x-patch 45.6 KB
0008-RLS-Enforce-row-security-on-COPY.patch text/x-patch 4.8 KB
0009-RLS-Regression-tests.patch text/x-patch 43.5 KB
0010-RLS-Supplimental-docs.patch text/x-patch 7.0 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Jeevan Chalke 2014-01-20 06:23:58 Re: [BUGS] surprising to_timestamp behavior
Previous Message Kyotaro HORIGUCHI 2014-01-20 05:15:56 Re: Funny representation in pg_stat_statements.query.