On Wed, Oct 21, 2015 at 2:42 PM, Haribabu Kommi <kommi.harib...@gmail.com> wrote: > Pending items: > 1. Need to add some more tests to verify all database catalog tables. > 2. Documentation changes for database catalog tenancy.
Here I attached the updated database-catalog-security with more tests including system views, information schema views and documentation. >Known issues: >2. If user (U2) executes a query on an object (tbl2) which the user >(U2) don't have > permissions, as he cannot able to see that object from catalog > views/tables, > but the query returns an error message as "permission denied", but in case > if multi-tenancy is enabled, the error message should be "relation >doesn't exist". To handle the above problem, we can add a check to verify whether the corresponding catalog relation has the row level security is enabled or not? in all *_aclmask or similar functions. Based on the ACL result, if the row security is enabled, through an error as "object does not exist", instead of permission denied by the aclcheck_error function. This will increase the extra processing time for queries irrespective of whether the multi-tenancy is enabled or not? comments? Regards, Hari Babu Fujitsu Australia
Description: Binary data
-- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers