From: | Craig Ringer <craig(at)2ndquadrant(dot)com> |
---|---|
To: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
Cc: | Yeb Havinga <yebhavinga(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Row-security on updatable s.b. views |
Date: | 2014-03-04 01:36:00 |
Message-ID: | 53152E00.7000805@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 02/25/2014 01:28 AM, Dean Rasheed wrote:
> On 13 February 2014 04:12, Craig Ringer <craig(at)2ndquadrant(dot)com> wrote:
>>
>> It's crashing while pulling up the query over "emp" (hl7.employee) and
>> "part" (hl7.participation).
>>
>> Given the simplicity of what the row-security code its self is doing,
>> I'm wondering if this is a case that isn't handled in updatable s.b.
>> views. I'll look into it.
>
> I'm not sure how much further you've got with this, but I think the
> issue is that the securityQuals that you're adding don't refer to the
> correct RTE. When adding securityQuals to an RTE, they are expected to
> have Vars whose varno matches the rt_index of the RTE (see for example
> the code in rewriteTargetView() which calls ChangeVarNodes() on
> viewqual before adding the qual to securityQuals or the main query
> jointree). prepend_row_security_quals() doesn't appear to have any
> similar code, and it would need to be passed the rt_index to do that.
Thanks for the pointer. That was indeed the issue.
I've pushed an update to the branch with the fix for varno handling.
Thanks. It's tagged rls-9.4-upd-sb-views-v8 .
I've almost run out of time to spend on row security for this
commitfest, unfortunately. I'm putting a blog together with a current
status update. Frustrating, as it's coming together now.
Open issues include:
- Passing plan inval items from rewriter into planner
- COPY support pending
- Clear syntax in DDL
Most of the rest are solved; it's actually looking pretty good.
--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2014-03-04 01:45:24 | Re: ALTER TABLE lock strength reduction patch is unsafe |
Previous Message | Tom Lane | 2014-03-04 01:32:13 | Re: ALTER TABLE lock strength reduction patch is unsafe |