diff options
| author | Dean Rasheed | 2022-03-22 10:28:10 +0000 |
|---|---|---|
| committer | Dean Rasheed | 2022-03-22 10:28:10 +0000 |
| commit | 7faa5fc84bf46ea6c543993cffb8be64dff60d25 (patch) | |
| tree | 5e2f4c3b96cd77946916cd64369f3d71d8e86dc8 /doc/src/sgml/rules.sgml | |
| parent | f5576a21b0778f275d7418f6f7a44d9400ee90aa (diff) | |
Add support for security invoker views.
A security invoker view checks permissions for accessing its
underlying base relations using the privileges of the user of the
view, rather than the privileges of the view owner. Additionally, if
any of the base relations are tables with RLS enabled, the policies of
the user of the view are applied, rather than those of the view owner.
This allows views to be defined without giving away additional
privileges on the underlying base relations, and matches a similar
feature available in other database systems.
It also allows views to operate more naturally with RLS, without
affecting the assignments of policies to users.
Christoph Heiss, with some additional hacking by me. Reviewed by
Laurenz Albe and Wolfgang Walther.
Discussion: https://postgr.es/m/b66dd6d6-ad3e-c6f2-8b90-47be773da240%40cybertec.at
Diffstat (limited to 'doc/src/sgml/rules.sgml')
| -rw-r--r-- | doc/src/sgml/rules.sgml | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/doc/src/sgml/rules.sgml b/doc/src/sgml/rules.sgml index 4aa4e00e017..4b2ba5a4e6e 100644 --- a/doc/src/sgml/rules.sgml +++ b/doc/src/sgml/rules.sgml @@ -2007,11 +2007,14 @@ SELECT * FROM shoelace; a relation (table or view) is automatically the owner of the rewrite rules that are defined for it. The <productname>PostgreSQL</productname> rule system changes the - behavior of the default access control system. Relations that - are used due to rules get checked against the + behavior of the default access control system. With the exception of + <literal>SELECT</literal> rules associated with security invoker views + (see <link linkend="sql-createview"><command>CREATE VIEW</command></link>), + all relations that are used due to rules get checked against the privileges of the rule owner, not the user invoking the rule. - This means that users only need the required privileges - for the tables/views that are explicitly named in their queries. + This means that, except for security invoker views, users only need the + required privileges for the tables/views that are explicitly named in + their queries. </para> <para> |