Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why isn't row level security enabled for Postgres views?

Tags:

sql

postgresql

views

postgresql-9.5

row-level-security

I need strict control of the reading and writing of my Postgres data. Updatable views have always provided very good, strict, control of the reading of my data and allows me to add valuable computed columns. With Postgres 9.5 row level security has introduced a new and powerful way to control my data. But I can't use both technologies views, and row level security together. Why?

like image 344
Calebmer Avatar asked Nov 22 '15 17:11

Calebmer

People also ask

Does Postgres support row level security?

PostgreSQL 9.5 and newer includes a feature called Row Level Security (RLS). When you define security policies on a table, these policies restrict which rows in that table are returned by SELECT queries or which rows are affected by INSERT , UPDATE , and DELETE commands.

How do I enable row level security?

Use ALTER TABLE … ENABLE ROW LEVEL SECURITY—to enable row-level security on the table. If this option is not enabled, your policy cannot be applied to the table. Use the CREATE POLICY command—to define new row-level security policies for each table.

How do Views work in PostgreSQL?

A view is a database object that is of a stored query. A view can be accessed as a virtual table in PostgreSQL. In other words, a PostgreSQL view is a logical table that represents data of one or more underlying tables through a SELECT statement.

Are there views in PostgreSQL?

The PostgreSQL views are created using the CREATE VIEW statement. The PostgreSQL views can be created from a single table, multiple tables, or another view.

1 Answers

Basically because it wasn't possible to retroactively change how views work. I'd like to be able to support SECURITY INVOKER (or equivalent) for views but as far as I know no such feature presently exists.

You can filter access to the view its self with row security normally.

The tables accessed by the view will also have their row security rules applied. However, they'll see the current_user as the view creator because views access tables (and other views) with the rights of the user who created/owns the view.

Maybe it'd be worth raising this on pgsql-hackers if you're willing to step in and help with development of the feature you need, or pgsql-general otherwise?

That said, while views access tables as the creating user and change current_user accordingly, they don't prevent you from using custom GUCs, the session_user, or other contextual information in row security policies. You can use row security with views, just not (usefully) to filter based on current_user.

like image 171
Craig Ringer Avatar answered Oct 02 '22 23:10

Craig Ringer
Sign in to Comment

Related questions

SQL query for getting data for last 3 months
Should I delete or disable a row in a relational database?
Error: Cannot create TypedQuery for query with more than one return
PostgreSQL: Full Text Search - How to search partial words?
Sum columns with null values in oracle
How do I prevent a database trigger from recursing?
Prevent Entity Framework adding ORDER BY when using Include
In EF 4.1 DbContext how to trace generated SQL
Difference between sparse index and dense index
What are the pros and cons for choosing a character varying data type for primary key in SQL? [closed]
how does a SQL query work?
Are there any published coding style guidelines for SQL?
How to create an alias of database in SQL Server
Suggestions for implementing audit tables in SQL Server?
purpose of collate in Postgres
Update DataSet structure in Visual Studio to match new SQL Database Structure
SQL MAX function in non-numeric columns
Can SQL Server Express LocalDB be connected to remotely?
SQLSTATE[42S22]: Column not found: 1054 Unknown column - Laravel
What cannot be done in SQL Server 2008 Web Edition?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!