Re: Row-level Security vs Application-level authz

Darin,

* Darin Gordon (darinc@xxxxxxxxx) wrote:
> I'm trying to understand the extent to which row level security in PostgreSQL
> 9.5 may replace, or augment, application-level access control.

Neat!

> I have a fully implemented application-level access control policy.  It's
> not clear to me how I will integrate or replace it with RLS.

There's not very much information to go on here, but there are a couple of
different ways to either integrate or replace what you have at the
application level with a combination of the PostgreSQL GRANT and POLICY
systems.

> Craig Ringer mentioned in a blog post:
>  "Most importantly, row-security is pluggable – in addition to looking
> policies up from the system catalogs, it’s also possible to use a policy
> hook to supply arbitrary policy from extensions. "
> 
> It seems that my options will be to record authorization into the catalog
> or write an extension?

It's not entirely clear to me what else you'd do, but perhaps I can help
clarify by explaining what is meant by "looking policies up from the
system catalogs".  Those are policies which are implemented using the
new CREATE POLICY command available in 9.5.  Those policies can be
either specific (such as to a particular user or role) or generic (by
looking up the current role using a table, or using the currently
logged-in user, and then looking up if the current record is allowed to be seen
or operated on by the user in another table).

More insight into what your current system looks like and what the
requirements are would help move this discussion from high-level
generalities to specific analysis of your use-case.

	Thanks!

		Stephen
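
The specific and generic catalog policies described in the reply above, combined with GRANT, as an added example that is not part of the original message. The tables `documents` and `document_acl`, the roles `auditor` and `app_users`, and all policy names are hypothetical.

```sql
-- Constructed schema; every table, column and role name is hypothetical.
CREATE ROLE auditor;
CREATE ROLE app_users;

CREATE TABLE documents (
    id    serial PRIMARY KEY,
    owner name NOT NULL DEFAULT current_user,
    body  text
);
CREATE TABLE document_acl (
    document_id integer NOT NULL REFERENCES documents (id),
    grantee     name NOT NULL,
    PRIMARY KEY (document_id, grantee)
);

-- GRANT decides which commands a role may run; policies then filter rows.
GRANT SELECT ON documents TO auditor;
GRANT SELECT, INSERT, UPDATE ON documents TO app_users;
GRANT USAGE ON SEQUENCE documents_id_seq TO app_users;
-- The policy subquery runs with the caller's privileges, so it needs this.
GRANT SELECT ON document_acl TO app_users;

-- With RLS enabled and no matching policy, a role sees no rows (default deny).
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner is not subject to the policies.
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- Specific policy: named role, fixed rule.
CREATE POLICY auditor_read ON documents
    FOR SELECT TO auditor
    USING (true);

-- Generic policy: look the current role up in another table per row.
CREATE POLICY acl_read ON documents
    FOR SELECT TO app_users
    USING (owner = current_user
           OR EXISTS (SELECT 1 FROM document_acl a
                      WHERE a.document_id = documents.id
                        AND a.grantee = current_user));

-- Writes: new rows must be owned by the writer; only owners may update.
CREATE POLICY owner_insert ON documents
    FOR INSERT TO app_users
    WITH CHECK (owner = current_user);
CREATE POLICY owner_update ON documents
    FOR UPDATE TO app_users
    USING (owner = current_user)
    WITH CHECK (owner = current_user);
```

Superusers and roles created with BYPASSRLS are never filtered by these policies, so the application should connect as a role that has neither attribute.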
