On 01/18/2014 03:27 AM, Gregory Smith wrote:
> With my advocacy hat on, I'd like to revisit this idea now that there's
> a viable updatable security barrier view submission. I thought the most
> serious showstopper feedback from the last CF's RLS submission was that
> this needed to be sorted out first. Reworking KaiGai's submission to
> merge against Dean's new one makes it viable again in my mind, and I'd
> like to continue toward re-reviewing it as part of this CF in that
> light.
I had hoped to have this done weeks ago, but was blocked on getting a
viable approach to updatable security barrier views in place. I really
appreciate Dean, with his greater experience and skill in this area,
looking into it.
As it is I'm spending today reworking the RLS patch on top of the new
approach to updatable security barrier views.
Then it'll be a matter of tests, lots and lots of tests of every weird
corner I can think of.
> Admittedly it's not ideal to try and do that at the same time
> the barrier view patch is being modified, but I see that as a normal CF
> merge of things based on other people's submissions.
I tend to agree - and the whole idea of reworking RLS on top of
updatable security barrier views is that it makes the patch for RLS's UI
and catalogs largely independent from the mechanics of filtering rows.
> I mentioned advocacy because the budding new PostgreSQL test instances
> I'm seeing now will lose a lot of momentum if we end up with no user
> visible RLS features in 9.4. The pieces we have now can assemble into
> something that's useful, and I don't think that goal is unreasonably far
> away.
If it's possible, getting _something_ into 9.4 would be great. I'm aware
of multiple interested users who originally expected this in 9.3. That
hasn't worked out, but it'd be great to make 9.4.
-- Craig Ringer http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services