Multi-tenancy with RLS

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
63 messages Options
1234
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Multi-tenancy with RLS

Michael Paquier
On Tue, Jul 19, 2016 at 3:42 PM, Haribabu Kommi
<[hidden email]> wrote:
> The above changes are based on my understanding to the discussion occurred in
> this mail. In case if I miss anything, please let me know, i will
> correct the same.

The patch series still apply.

+                   " ((classid = (select oid from pg_class where
relname = 'pg_aggregate'))"
+                   " OR (classid = (select oid from pg_class where
relname = 'pg_cast') AND has_cast_privilege(objid, 'any'))"
+                   " OR (classid = (select oid from pg_class where
relname = 'pg_collation'))"
[... long list ...]
That's quite hard to digest...

+static bool
+get_catalog_policy_string(Oid relationid, Form_pg_class
pg_class_tuple, char *buf)
This is an exceptionally weak interface at quick glance. This is using
SQL strings, and nothing is actually done regarding potentially
conflicting name types...

The number of new files included in policy.c is impressive as well..

This does not count as a full review though, so I am moving it to next
CF. Perhaps it will find its audience.
--
Michael


--
Sent via pgsql-hackers mailing list ([hidden email])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Multi-tenancy with RLS

Haribabu Kommi-2


On Mon, Oct 3, 2016 at 3:11 PM, Michael Paquier <[hidden email]> wrote:
On Tue, Jul 19, 2016 at 3:42 PM, Haribabu Kommi
<[hidden email]> wrote:
> The above changes are based on my understanding to the discussion occurred in
> this mail. In case if I miss anything, please let me know, i will
> correct the same.

The patch series still apply.

+                   " ((classid = (select oid from pg_class where
relname = 'pg_aggregate'))"
+                   " OR (classid = (select oid from pg_class where
relname = 'pg_cast') AND has_cast_privilege(objid, 'any'))"
+                   " OR (classid = (select oid from pg_class where
relname = 'pg_collation'))"
[... long list ...]
That's quite hard to digest...

+static bool
+get_catalog_policy_string(Oid relationid, Form_pg_class
pg_class_tuple, char *buf)
This is an exceptionally weak interface at quick glance. This is using
SQL strings, and nothing is actually done regarding potentially
conflicting name types...

The number of new files included in policy.c is impressive as well..

This does not count as a full review though, so I am moving it to next
CF. Perhaps it will find its audience.

As the patch doesn't receive full review. Just kept in the commitfest to
see any interest from others for this patch.

Moved to next CF with "needs review" status.

Regards,
Hari Babu
Fujitsu Australia
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Multi-tenancy with RLS

Haribabu Kommi-2


On Mon, Dec 5, 2016 at 4:31 PM, Haribabu Kommi <[hidden email]> wrote:


On Mon, Oct 3, 2016 at 3:11 PM, Michael Paquier <[hidden email]> wrote:
On Tue, Jul 19, 2016 at 3:42 PM, Haribabu Kommi
<[hidden email]> wrote:
> The above changes are based on my understanding to the discussion occurred in
> this mail. In case if I miss anything, please let me know, i will
> correct the same.

The patch series still apply.

+                   " ((classid = (select oid from pg_class where
relname = 'pg_aggregate'))"
+                   " OR (classid = (select oid from pg_class where
relname = 'pg_cast') AND has_cast_privilege(objid, 'any'))"
+                   " OR (classid = (select oid from pg_class where
relname = 'pg_collation'))"
[... long list ...]
That's quite hard to digest...

+static bool
+get_catalog_policy_string(Oid relationid, Form_pg_class
pg_class_tuple, char *buf)
This is an exceptionally weak interface at quick glance. This is using
SQL strings, and nothing is actually done regarding potentially
conflicting name types...

The number of new files included in policy.c is impressive as well..

This does not count as a full review though, so I am moving it to next
CF. Perhaps it will find its audience.

As the patch doesn't receive full review. Just kept in the commitfest to
see any interest from others for this patch.

Moved to next CF with "needs review" status.

This patch is not generating much interest from the community, may be
because of the design that is chosen to implement multi-tenancy.

Currently this patch is marked as rejected. 

Regards,
Hari Babu
Fujitsu Australia
1234
Previous Thread Next Thread
Loading...