Add support for security invoker views

Enterprise / PostgreSQL - Dean Rasheed [gmail.com] - 22 March 2022 10:28 UTC

A security invoker view checks permissions for accessing its underlying base relations using the privileges of the user of the
view, rather than the privileges of the view owner. Additionally, if any of the base relations are tables with RLS enabled, the policies of the user of the view are applied, rather than those of the view owner.

This allows views to be defined without giving away additional privileges on the underlying base relations, and matches a similar feature available in other database systems.

It also allows views to operate more naturally with RLS, without affecting the assignments of policies to users.

Christoph Heiss, with some additional hacking by me. Reviewed by Laurenz Albe and Wolfgang Walther.

Discussion: https://postgr.es/m/b66dd6d6-ad3e-c6f2-8b90-47be773da240%40cybertec.at

7faa5fc84b Add support for security invoker views.
doc/src/sgml/ref/alter_view.sgml | 12 +-
doc/src/sgml/ref/create_policy.sgml | 4 +-
doc/src/sgml/ref/create_view.sgml | 105 +++++++++--
doc/src/sgml/ref/lock.sgml | 13 +-
doc/src/sgml/rules.sgml | 11 +-
src/backend/access/common/reloptions.c | 11 ++
src/backend/commands/lockcmds.c | 19 +-
src/backend/rewrite/rewriteHandler.c | 18 +-
src/backend/utils/cache/relcache.c | 73 +++++---
src/include/utils/rel.h | 11 ++
src/test/regress/expected/create_view.out | 46 ++++-
src/test/regress/expected/lock.out | 66 +++++++
src/test/regress/expected/rowsecurity.out | 257 +++++++++++++++++++++++++-
src/test/regress/expected/rules.out | 30 +++
src/test/regress/expected/updatable_views.out | 237 ++++++++++++++++++++++++
src/test/regress/sql/create_view.sql | 22 ++-
src/test/regress/sql/lock.sql | 49 +++++
src/test/regress/sql/rowsecurity.sql | 122 ++++++++++++
src/test/regress/sql/rules.sql | 28 +++
src/test/regress/sql/updatable_views.sql | 180 ++++++++++++++++++
20 files changed, 1239 insertions(+), 75 deletions(-)

Upstream: git.postgresql.org


  • Share