{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Fickle 薄情 的问题《Why isn't row level security enabled for Postg》','https://www.manongdao.com/q-551714.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I need strict control of the reading and writing of my Postgres data. Updatable views have always provided very good, strict, control of the reading of my data and allows me to add valuable computed columns. With Postgres 9.5 row level security has introduced a new and powerful way to control my data. But I can't use both technologies views, and row level security together. Why?
相关问题
- SQL join to get the cartesian product of 2 columns
- sql execution latency when assign to a variable
- Difference between Types.INTEGER and Types.NULL in
- php PDO::FETCH_ASSOC doesnt detect select after ba
- Bulk update SQL Server C#
Basically because it wasn't possible to retroactively change how views work. I'd like to be able to support
SECURITY INVOKER(or equivalent) for views but as far as I know no such feature presently exists.You can filter access to the view its self with row security normally.
The tables accessed by the view will also have their row security rules applied. However, they'll see the
current_useras the view creator because views access tables (and other views) with the rights of the user who created/owns the view.Maybe it'd be worth raising this on pgsql-hackers if you're willing to step in and help with development of the feature you need, or pgsql-general otherwise?
That said, while views access tables as the creating user and change
current_useraccordingly, they don't prevent you from using custom GUCs, thesession_user, or other contextual information in row security policies. You can use row security with views, just not (usefully) to filter based oncurrent_user.