Quick Links

Re: API change advice: Passing plan invalidation info from the rewriter into the planner?

From:	"Brightwell, Adam" <adam(dot)brightwell(at)crunchydatasolutions(dot)com>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	Stephen Frost <sfrost(at)snowman(dot)net>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Craig Ringer <craig(at)hobby(dot)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, Alvaro Herrera <alvherre(at)hobby(dot)2ndquadrant(dot)com>, Andres Freund <andres(at)hobby(dot)2ndquadrant(dot)com>, Greg Smith <greg(at)hobby(dot)2ndquadrant(dot)com>, Yeb Havinga <yeb(dot)havinga(at)portavita(dot)nl>
Subject:	Re: API change advice: Passing plan invalidation info from the rewriter into the planner?
Date:	2014-06-10 20:28:24
Message-ID:	CAKRt6CTcLGEjcfb5Ahg2nmjNBTZL1kHC-rEx5tX30WTZzwdftg@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Hey Tom,

> Hm ... I'm not following why we'd need a special case for superusers and
> not anyone else? Seems like any useful RLS scheme is going to require
> more privilege levels than just superuser and not-superuser.
>

As it stands right now, superuser is the only case where RLS policies
should not be applied/completely ignored. I suppose it is possible to
create RLS policies that are related to other privilege levels, but those
would still need to be applied despite user id, excepting superuser. I'll
defer to Stephen or Craig on the usefulness of this scheme.

Could we put the "if superuser then ok" test into the RLS condition test
> and thereby not need more than one plan at all?
>

As I understand it, the application of RLS policies occurs in the rewriter.
Therefore, when switching back and forth between superuser and
not-superuser the query must be rewritten, which would ultimately result in
the need for a new plan correct? If that is the case, then I am not sure
how one plan is possible. However, again, I'll have to defer to Stephen or
Craig on this one.

Thanks,
Adam

In response to

Re: API change advice: Passing plan invalidation info from the rewriter into the planner? at 2014-06-10 18:19:41 from Tom Lane

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Brian Dunavant	2014-06-10 21:29:13	Question about partial functional indexes and the query planner
Previous Message	Oleg Bartunov	2014-06-10 19:31:31	Re: Why is it "JSQuery"?