On Wed, Oct 21, 2015 at 2:42 PM, Haribabu Kommi
<kommi.harib...@gmail.com> wrote:
> Pending items:
> 1. Need to add some more tests to verify all database catalog tables.
> 2. Documentation changes for database catalog tenancy.

Here I attached the updated database-catalog-security with more tests
including system views,
information schema views and documentation.

>Known issues:
>2. If user (U2) executes a query on an object (tbl2) which the user
>(U2) don't have
>    permissions, as he cannot able to see that object from catalog 
> views/tables,
>    but the query returns an error message as "permission denied", but in case
>    if multi-tenancy is enabled, the error message should be "relation
>doesn't exist".

To handle the above problem, we can add a check to verify whether the
catalog relation has the row level security is enabled or not? in all
*_aclmask or similar
functions. Based on the ACL result, if the row security is enabled,
through an error as
"object does not exist", instead of permission denied by the
aclcheck_error function.
This will increase the extra processing time for queries irrespective
of whether the
multi-tenancy is enabled or not?


Hari Babu
Fujitsu Australia

Attachment: 4_database_catalog_tenancy_v2.patch
Description: Binary data

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to