Re: [HACKERS] Row-security on updatable s.b. views

2014-03-10 Thread Craig Ringer
On 03/08/2014 01:56 AM, Tom Lane wrote: Craig Ringer cr...@2ndquadrant.com writes: What I'm concerned about is the locking. It looks to me like we're causing the user to lock rows that they may not intend to lock, by applying a LockRows step *before* the user supplied qual. (I'm going to test

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-07 Thread Craig Ringer
On 03/05/2014 11:02 AM, Craig Ringer wrote: The main known issue remaining is plan invalidation. I've pushed a version with a plan invalidation implementation. It's tagged: rls-9.4-upd-sb-views-v9 in g...@github.com:ringerc/postgres.git The invalidation implementation does not yet handle

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-07 Thread Craig Ringer
On 03/07/2014 09:33 PM, Craig Ringer wrote: On 03/05/2014 11:02 AM, Craig Ringer wrote: The main known issue remaining is plan invalidation. I've pushed a version with a plan invalidation implementation. It's tagged: rls-9.4-upd-sb-views-v9 in g...@github.com:ringerc/postgres.git

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-07 Thread Craig Ringer
On 03/07/2014 10:07 PM, Craig Ringer wrote: On 03/07/2014 09:33 PM, Craig Ringer wrote: On 03/05/2014 11:02 AM, Craig Ringer wrote: The main known issue remaining is plan invalidation. I've pushed a version with a plan invalidation implementation. It's tagged: rls-9.4-upd-sb-views-v9 in

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-07 Thread Tom Lane
Craig Ringer cr...@2ndquadrant.com writes: What I'm concerned about is the locking. It looks to me like we're causing the user to lock rows that they may not intend to lock, by applying a LockRows step *before* the user supplied qual. (I'm going to test that tomorrow, it's sleep time in

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-07 Thread Yeb Havinga
On 05/03/14 15:44, Craig Ringer wrote: On 03/05/2014 05:25 PM, Yeb Havinga wrote: Maybe a naive thought, but shouldn't all plans that include a table with an RLS clause be invalidated when the session role switches, regardless of which users from and to? Only if the plan is actually accessed

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-06 Thread Yeb Havinga
On 06/03/14 02:56, Craig Ringer wrote: On 03/06/2014 04:56 AM, Yeb Havinga wrote: If you state it like that, it sounds like a POLA violation. But the complete story is: A user is allowed to UPDATE a set of rows from a table that is not a subset of the set of rows he can SELECT from the table,

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-05 Thread Yeb Havinga
On 2014-03-05 04:02, Craig Ringer wrote: On 03/04/2014 09:41 PM, Yeb Havinga wrote: On 04/03/14 02:36, Craig Ringer wrote: I've pushed an update to the branch with the fix for varno handling. Thanks. It's tagged rls-9.4-upd-sb-views-v8 . I've almost run out of time to spend on row security

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-05 Thread Craig Ringer
On 03/05/2014 05:25 PM, Yeb Havinga wrote: Maybe a naive thought, but shouldn't all plans that include a table with an RLS clause be invalidated when the session role switches, regardless of which users from and to? Only if the plan is actually accessed when under a different user ID. Consider

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-05 Thread Craig Ringer
On 03/06/2014 04:56 AM, Yeb Havinga wrote: It might be an idea to add the SELECT RLS clause for DML queries that contain a RETURNING clause. That way lies madness: A DML statement that affects *a different set of rows* depending on whether or not it has a RETURNING clause. If you state it

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-04 Thread Yeb Havinga
On 04/03/14 02:36, Craig Ringer wrote: On 02/25/2014 01:28 AM, Dean Rasheed wrote: On 13 February 2014 04:12, Craig Ringer cr...@2ndquadrant.com wrote: It's crashing while pulling up the query over emp (hl7.employee) and part (hl7.participation). Given the simplicity of what the row-security

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-04 Thread Yeb Havinga
On 04/03/14 02:36, Craig Ringer wrote: On 02/25/2014 01:28 AM, Dean Rasheed wrote: On 13 February 2014 04:12, Craig Ringer cr...@2ndquadrant.com wrote: It's crashing while pulling up the query over emp (hl7.employee) and part (hl7.participation). Given the simplicity of what the row-security

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-04 Thread Craig Ringer
On 03/04/2014 09:41 PM, Yeb Havinga wrote: On 04/03/14 02:36, Craig Ringer wrote: I've pushed an update to the branch with the fix for varno handling. Thanks. It's tagged rls-9.4-upd-sb-views-v8 . I've almost run out of time to spend on row security for this commitfest, unfortunately. I'm

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-03 Thread Craig Ringer
On 02/25/2014 01:28 AM, Dean Rasheed wrote: On 13 February 2014 04:12, Craig Ringer cr...@2ndquadrant.com wrote: It's crashing while pulling up the query over emp (hl7.employee) and part (hl7.participation). Given the simplicity of what the row-security code itself is doing, I'm wondering

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-24 Thread Dean Rasheed
On 13 February 2014 04:12, Craig Ringer cr...@2ndquadrant.com wrote: On 02/11/2014 08:19 PM, Yeb Havinga wrote: I compared output of psql -ef of the minirim.sql script posted earlier in http://www.postgresql.org/message-id/52f54927.1040...@gmail.com between v4 and v7. Not everything is ok.

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-12 Thread Craig Ringer
On 02/11/2014 08:19 PM, Yeb Havinga wrote: I compared output of psql -ef of the minirim.sql script posted earlier in http://www.postgresql.org/message-id/52f54927.1040...@gmail.com between v4 and v7. Not everything is ok. +psql:/home/m/minirim2.sql:409: ERROR: attribute 6 has wrong type

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-11 Thread Craig Ringer
On 02/06/2014 10:19 PM, Craig Ringer wrote: On 02/06/2014 12:43 PM, Craig Ringer wrote: 1. Try (again) to do row-security in the rewriter. This was previously impossible because of the definition of row-security behaviour around inheritance, but with the simplified inheritance model now

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-11 Thread Yeb Havinga
On 2014-02-11 09:36, Craig Ringer wrote: On 02/06/2014 10:19 PM, Craig Ringer wrote: On 02/06/2014 12:43 PM, Craig Ringer wrote: 1. Try (again) to do row-security in the rewriter. This was previously impossible because of the definition of row-security behaviour around inheritance, but with

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-11 Thread Craig Ringer
On 02/11/2014 06:05 PM, Yeb Havinga wrote: On 2014-02-11 09:36, Craig Ringer wrote: On 02/06/2014 10:19 PM, Craig Ringer wrote: On 02/06/2014 12:43 PM, Craig Ringer wrote: 1. Try (again) to do row-security in the rewriter. This was previously impossible because of the definition of

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-11 Thread Yeb Havinga
On 2014-02-11 12:09, Craig Ringer wrote: On 02/11/2014 06:05 PM, Yeb Havinga wrote: On 2014-02-11 09:36, Craig Ringer wrote: On 02/06/2014 10:19 PM, Craig Ringer wrote: On 02/06/2014 12:43 PM, Craig Ringer wrote: 1. Try (again) to do row-security in the rewriter. This was previously

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-11 Thread Craig Ringer
On 02/11/2014 08:19 PM, Yeb Havinga wrote: On 2014-02-11 12:09, Craig Ringer wrote: rls-9.4-upd-sb-views-v7 Hi Craig, I compared output of psql -ef of the minirim.sql script posted earlier in http://www.postgresql.org/message-id/52f54927.1040...@gmail.com between v4 and v7. Not

Review of RLS on inheritance schema HL7 RIM (was Re: [HACKERS] Row-security on updatable s.b. views)

2014-02-07 Thread Yeb Havinga
On 06/02/14 15:19, Craig Ringer wrote: Thanks to the simplified requirements for inheritance, this turns out to be fairly easy. There's a version rewritten to use the rewriter in the tag: rls-9.4-upd-sb-views-v6 on https://github.com/ringerc/postgres.git Hi Craig, list, This is review

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Yeb Havinga
On 2014-02-06 05:43, Craig Ringer wrote: Based on Tom's objections, another approach is presented in rls-9.4-upd-sb-views-v5 on g...@github.com:ringerc/postgres.git . The Query node is used to record the recursive expansion parent list instead, and copying is avoided. Cannot fetch or clone.

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Craig Ringer
On 02/06/2014 04:54 PM, Yeb Havinga wrote: On 2014-02-06 05:43, Craig Ringer wrote: Based on Tom's objections, another approach is presented in rls-9.4-upd-sb-views-v5 on g...@github.com:ringerc/postgres.git . The Query node is used to record the recursive expansion parent list instead, and

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Craig Ringer
On 02/06/2014 12:43 PM, Craig Ringer wrote: 1. Try (again) to do row-security in the rewriter. This was previously impossible because of the definition of row-security behaviour around inheritance, but with the simplified inheritance model now proposed I think it's possible. Thanks to the

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Craig Ringer
On 02/06/2014 10:19 PM, Craig Ringer wrote: On 02/06/2014 12:43 PM, Craig Ringer wrote: 1. Try (again) to do row-security in the rewriter. This was previously impossible because of the definition of row-security behaviour around inheritance, but with the simplified inheritance model now

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Tom Lane
Craig Ringer cr...@2ndquadrant.com writes: We don't rerun rewrite on plan invalidation. Don't we? plancache.c certainly does, in fact it starts from the raw grammar output. Skipping the rewriter would mean failing to respond to CREATE OR REPLACE VIEW, for example.

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Craig Ringer
On 02/06/2014 11:11 PM, Tom Lane wrote: Craig Ringer cr...@2ndquadrant.com writes: We don't rerun rewrite on plan invalidation. Don't we? plancache.c certainly does, in fact it starts from the raw grammar output. Skipping the rewriter would mean failing to respond to CREATE OR REPLACE

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-05 Thread Craig Ringer
On 02/04/2014 02:43 PM, Craig Ringer wrote: On 01/30/2014 04:05 PM, Craig Ringer wrote: On 01/30/2014 01:25 PM, Craig Ringer wrote: On 01/29/2014 09:47 PM, Craig Ringer wrote: https://github.com/ringerc/postgres/compare/rls-9.4-upd-sb-views i.e. https://github.com/ringerc/postgres.git ,

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-03 Thread Craig Ringer
On 01/30/2014 04:05 PM, Craig Ringer wrote: On 01/30/2014 01:25 PM, Craig Ringer wrote: On 01/29/2014 09:47 PM, Craig Ringer wrote: https://github.com/ringerc/postgres/compare/rls-9.4-upd-sb-views i.e. https://github.com/ringerc/postgres.git , branch rls-9.4-upd-sb-views (subject to

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-03 Thread Tom Lane
Craig Ringer cr...@2ndquadrant.com writes: I landed up adding a field to RangeTblEntry that keeps track of all the oids of relations row-security expanded to produce this RTE. When testing an RTE for row-security policy, this list is checked to see if the oid of the relation being expanded is

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-03 Thread Craig Ringer
On 02/04/2014 03:14 PM, Tom Lane wrote: Craig Ringer cr...@2ndquadrant.com writes: I landed up adding a field to RangeTblEntry that keeps track of all the oids of relations row-security expanded to produce this RTE. When testing an RTE for row-security policy, this list is checked to see if

Re: [HACKERS] Row-security on updatable s.b. views

2014-01-30 Thread Craig Ringer
On 01/30/2014 01:25 PM, Craig Ringer wrote: On 01/29/2014 09:47 PM, Craig Ringer wrote: https://github.com/ringerc/postgres/compare/rls-9.4-upd-sb-views i.e. https://github.com/ringerc/postgres.git , branch rls-9.4-upd-sb-views (subject to rebasing) or the non-rebased tag

Re: [HACKERS] Row-security on updatable s.b. views

2014-01-29 Thread Craig Ringer
On 01/29/2014 09:47 PM, Craig Ringer wrote: https://github.com/ringerc/postgres/compare/rls-9.4-upd-sb-views i.e. https://github.com/ringerc/postgres.git , branch rls-9.4-upd-sb-views (subject to rebasing) or the non-rebased tag rls-9.4-upd-sb-views-v2 Pushed an update to the branch.