Re: [HACKERS] Row-security on updatable s.b. views

2014-03-10 Thread Craig Ringer
On 03/08/2014 01:56 AM, Tom Lane wrote: > Craig Ringer writes: >> What I'm concerned about is the locking. It looks to me like we're >> causing the user to lock rows that they may not intend to lock, by >> applying a LockRows step *before* the user supplied qual. (I'm going to >> test that tomorro

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-07 Thread Yeb Havinga
On 05/03/14 15:44, Craig Ringer wrote: On 03/05/2014 05:25 PM, Yeb Havinga wrote: Maybe a naive thought, but shouldn't all plans that include a table with an RLS clause be invalidated when the session role switches, regardless of which users from and to? Only if the plan is actually accessed wh

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-07 Thread Tom Lane
Craig Ringer writes: > What I'm concerned about is the locking. It looks to me like we're > causing the user to lock rows that they may not intend to lock, by > applying a LockRows step *before* the user supplied qual. (I'm going to > test that tomorrow, it's sleep time in Australia). The fact th

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-07 Thread Craig Ringer
On 03/07/2014 10:07 PM, Craig Ringer wrote: > On 03/07/2014 09:33 PM, Craig Ringer wrote: >> On 03/05/2014 11:02 AM, Craig Ringer wrote: >>> The main known issue remaining is plan invalidation. >> >> I've pushed a version with a plan invalidation implementation. It's tagged: >> >> rls-9.4-upd-sb-

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-07 Thread Craig Ringer
On 03/07/2014 09:33 PM, Craig Ringer wrote: > On 03/05/2014 11:02 AM, Craig Ringer wrote: >> The main known issue remaining is plan invalidation. > > I've pushed a version with a plan invalidation implementation. It's tagged: > > rls-9.4-upd-sb-views-v9 > > in > > g...@github.com:ringerc/po

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-07 Thread Craig Ringer
On 03/05/2014 11:02 AM, Craig Ringer wrote: > The main known issue remaining is plan invalidation. I've pushed a version with a plan invalidation implementation. It's tagged: rls-9.4-upd-sb-views-v9 in g...@github.com:ringerc/postgres.git The invalidation implementation does not yet handle

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-06 Thread Yeb Havinga
On 06/03/14 02:56, Craig Ringer wrote: On 03/06/2014 04:56 AM, Yeb Havinga wrote: If you state it like that, it sounds like a POLA violation. But the complete story is: "A user is allowed to UPDATE a set of rows from a table that is not a subset of the set of rows he can SELECT from the table,

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-05 Thread Craig Ringer
On 03/06/2014 04:56 AM, Yeb Havinga wrote: >>> It might be an idea to add the SELECT RLS clause for DML >>> queries that contain a RETURNING clause. >> That way lies madness: A DML statement that affects *a different set of >> rows* depending on whether or not it has a RETURNING clause. > If you st

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-05 Thread Craig Ringer
On 03/05/2014 05:25 PM, Yeb Havinga wrote: > Maybe a naive thought, but shouldn't all plans that include a table with > an RLS clause be invalidated when the session role switches, regardless > of which users from and to? Only if the plan is actually accessed when under a different user ID. Consid

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-05 Thread Yeb Havinga
On 2014-03-05 04:02, Craig Ringer wrote: On 03/04/2014 09:41 PM, Yeb Havinga wrote: On 04/03/14 02:36, Craig Ringer wrote: I've pushed an update to the branch with the fix for varno handling. Thanks. It's tagged rls-9.4-upd-sb-views-v8 . I've almost run out of time to spend on row security for

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-04 Thread Craig Ringer
On 03/04/2014 09:41 PM, Yeb Havinga wrote: > On 04/03/14 02:36, Craig Ringer wrote: >> >> I've pushed an update to the branch with the fix for varno handling. >> Thanks. It's tagged rls-9.4-upd-sb-views-v8 . >> >> I've almost run out of time to spend on row security for this >> commitfest, unfortun

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-04 Thread Yeb Havinga
On 04/03/14 02:36, Craig Ringer wrote: On 02/25/2014 01:28 AM, Dean Rasheed wrote: On 13 February 2014 04:12, Craig Ringer wrote: It's crashing while pulling up the query over "emp" (hl7.employee) and "part" (hl7.participation). Given the simplicity of what the row-security code itself is d

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-04 Thread Yeb Havinga
On 04/03/14 02:36, Craig Ringer wrote: On 02/25/2014 01:28 AM, Dean Rasheed wrote: On 13 February 2014 04:12, Craig Ringer wrote: It's crashing while pulling up the query over "emp" (hl7.employee) and "part" (hl7.participation). Given the simplicity of what the row-security code itself is d

Re: [HACKERS] Row-security on updatable s.b. views

2014-03-03 Thread Craig Ringer
On 02/25/2014 01:28 AM, Dean Rasheed wrote: > On 13 February 2014 04:12, Craig Ringer wrote: >> >> It's crashing while pulling up the query over "emp" (hl7.employee) and >> "part" (hl7.participation). >> >> Given the simplicity of what the row-security code itself is doing, >> I'm wondering if t

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-24 Thread Dean Rasheed
On 13 February 2014 04:12, Craig Ringer wrote: > On 02/11/2014 08:19 PM, Yeb Havinga wrote: > >> I compared output of psql -ef of the minirim.sql script posted earlier >> in http://www.postgresql.org/message-id/52f54927.1040...@gmail.com >> between v4 and v7. >> >> Not everything is ok. > >> +psql

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-12 Thread Craig Ringer
On 02/11/2014 08:19 PM, Yeb Havinga wrote: > I compared output of psql -ef of the minirim.sql script posted earlier > in http://www.postgresql.org/message-id/52f54927.1040...@gmail.com > between v4 and v7. > > Not everything is ok. > +psql:/home/m/minirim2.sql:409: ERROR: attribute 6 has wrong

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-11 Thread Craig Ringer
On 02/11/2014 08:19 PM, Yeb Havinga wrote: > On 2014-02-11 12:09, Craig Ringer wrote: >> rls-9.4-upd-sb-views-v7 >> > Hi Craig, > > I compared output of psql -ef of the minirim.sql script posted earlier > in http://www.postgresql.org/message-id/52f54927.1040...@gmail.com > between v4 and v7. > >

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-11 Thread Yeb Havinga
On 2014-02-11 12:09, Craig Ringer wrote: On 02/11/2014 06:05 PM, Yeb Havinga wrote: On 2014-02-11 09:36, Craig Ringer wrote: On 02/06/2014 10:19 PM, Craig Ringer wrote: On 02/06/2014 12:43 PM, Craig Ringer wrote: 1. Try (again) to do row-security in the rewriter. This was previously impossibl

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-11 Thread Craig Ringer
On 02/11/2014 06:05 PM, Yeb Havinga wrote: > On 2014-02-11 09:36, Craig Ringer wrote: >> On 02/06/2014 10:19 PM, Craig Ringer wrote: >>> On 02/06/2014 12:43 PM, Craig Ringer wrote: 1. Try (again) to do row-security in the rewriter. This was previously impossible because of the definition

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-11 Thread Yeb Havinga
On 2014-02-11 09:36, Craig Ringer wrote: On 02/06/2014 10:19 PM, Craig Ringer wrote: On 02/06/2014 12:43 PM, Craig Ringer wrote: 1. Try (again) to do row-security in the rewriter. This was previously impossible because of the definition of row-security behaviour around inheritance, but with the

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-11 Thread Craig Ringer
On 02/06/2014 10:19 PM, Craig Ringer wrote: > On 02/06/2014 12:43 PM, Craig Ringer wrote: >> 1. Try (again) to do row-security in the rewriter. This was previously >> impossible because of the definition of row-security behaviour around >> inheritance, but with the simplified inheritance model now

Review of RLS on inheritance schema HL7 RIM (was Re: [HACKERS] Row-security on updatable s.b. views)

2014-02-07 Thread Yeb Havinga
On 06/02/14 15:19, Craig Ringer wrote: Thanks to the simplified requirements for inheritance, this turns out to be fairly easy. There's a version rewritten to use the rewriter in the tag: rls-9.4-upd-sb-views-v6 on https://github.com/ringerc/postgres.git Hi Craig, list, This is review o

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Craig Ringer
On 02/06/2014 11:11 PM, Tom Lane wrote: > Craig Ringer writes: >> We don't rerun rewrite on plan invalidation. > > Don't we? plancache.c certainly does, in fact it starts from the raw > grammar output. Skipping the rewriter would mean failing to respond > to CREATE OR REPLACE VIEW, for example.

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Tom Lane
Craig Ringer writes: > We don't rerun rewrite on plan invalidation. Don't we? plancache.c certainly does, in fact it starts from the raw grammar output. Skipping the rewriter would mean failing to respond to CREATE OR REPLACE VIEW, for example. regards, tom lane -- S

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Craig Ringer
On 02/06/2014 10:19 PM, Craig Ringer wrote: > On 02/06/2014 12:43 PM, Craig Ringer wrote: >> 1. Try (again) to do row-security in the rewriter. This was previously >> impossible because of the definition of row-security behaviour around >> inheritance, but with the simplified inheritance model now

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Craig Ringer
On 02/06/2014 12:43 PM, Craig Ringer wrote: > 1. Try (again) to do row-security in the rewriter. This was previously > impossible because of the definition of row-security behaviour around > inheritance, but with the simplified inheritance model now proposed I > think it's possible. Thanks to the

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Craig Ringer
On 02/06/2014 04:54 PM, Yeb Havinga wrote: > On 2014-02-06 05:43, Craig Ringer wrote: >> Based on Tom's objections, another approach is presented in >> rls-9.4-upd-sb-views-v5 on g...@github.com:ringerc/postgres.git . The >> Query node is used to record the recursive expansion parent list >> inste

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-06 Thread Yeb Havinga
On 2014-02-06 05:43, Craig Ringer wrote: Based on Tom's objections, another approach is presented in rls-9.4-upd-sb-views-v5 on g...@github.com:ringerc/postgres.git . The Query node is used to record the recursive expansion parent list instead, and copying is avoided. Cannot fetch or clone. g

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-05 Thread Craig Ringer
On 02/04/2014 02:43 PM, Craig Ringer wrote: > On 01/30/2014 04:05 PM, Craig Ringer wrote: >> On 01/30/2014 01:25 PM, Craig Ringer wrote: >>> On 01/29/2014 09:47 PM, Craig Ringer wrote: https://github.com/ringerc/postgres/compare/rls-9.4-upd-sb-views i.e. https://github.com/ringerc/po

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-03 Thread Craig Ringer
On 02/04/2014 03:14 PM, Tom Lane wrote: > Craig Ringer writes: >> I landed up adding a field to RangeTblEntry that keeps track of all the >> oids of relations row-security expanded to produce this RTE. When >> testing an RTE for row-security policy, this list is checked to see if >> the oid of the

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-03 Thread Tom Lane
Craig Ringer writes: > I landed up adding a field to RangeTblEntry that keeps track of all the > oids of relations row-security expanded to produce this RTE. When > testing an RTE for row-security policy, this list is checked to see if > the oid of the relation being expanded is already on the lis

Re: [HACKERS] Row-security on updatable s.b. views

2014-02-03 Thread Craig Ringer
On 01/30/2014 04:05 PM, Craig Ringer wrote: > On 01/30/2014 01:25 PM, Craig Ringer wrote: >> On 01/29/2014 09:47 PM, Craig Ringer wrote: >>> https://github.com/ringerc/postgres/compare/rls-9.4-upd-sb-views >>> >>> i.e. https://github.com/ringerc/postgres.git , >>> branch rls-9.4-upd-sb-views >

Re: [HACKERS] Row-security on updatable s.b. views

2014-01-30 Thread Craig Ringer
On 01/30/2014 01:25 PM, Craig Ringer wrote: > On 01/29/2014 09:47 PM, Craig Ringer wrote: >> https://github.com/ringerc/postgres/compare/rls-9.4-upd-sb-views >> >> i.e. https://github.com/ringerc/postgres.git , >> branch rls-9.4-upd-sb-views >> >> (subject to rebasing) or the non-rebased tag r

Re: [HACKERS] Row-security on updatable s.b. views

2014-01-29 Thread Craig Ringer
On 01/29/2014 09:47 PM, Craig Ringer wrote: > https://github.com/ringerc/postgres/compare/rls-9.4-upd-sb-views > > i.e. https://github.com/ringerc/postgres.git , > branch rls-9.4-upd-sb-views > > (subject to rebasing) or the non-rebased tag rls-9.4-upd-sb-views-v2 Pushed an update to the br