我正在学习使用 session 变量的 postgres 行级安全性。
create table user_table (
username text,
idx integer
);
alter table user_table enable row level security;
create policy user_p on user_table for select
using (idx <= (current_setting('my.idx',true)::int));
insert into user_table values('1',1),('2',2),('3',3);
输出:
# set my.idx = 2;
SET
# select * from user_table;
username | idx
----------+-----
1 | 1
2 | 2
3 | 3
(3 rows)
它应该显示用户名为“1”和“2”的 user_table,但它显示了所有内容。我错过了什么导致这个问题?
最佳答案
https://www.postgresql.org/docs/current/static/ddl-rowsecurity.html
When row security is enabled on a table (with ALTER TABLE ... ENABLE ROW LEVEL SECURITY), all normal access to the table for selecting rows or modifying rows must be allowed by a row security policy. (However, the table's owner is typically not subject to row security policies.)
(强调我的)
检查:
db=# grant select on user_table to ro;
GRANT
Time: 24.374 ms
db=# set role ro;
SET
Time: 0.305 ms
db=> select * from user_table;
username | idx
----------+-----
1 | 1
2 | 2
(2 rows)
Time: 10.557 ms
db=> set my.idx = 1;
SET
Time: 8.595 ms
db=> select * from user_table;
username | idx
----------+-----
1 | 1
(1 row)
关于sql - 具有 session 变量的 postgresql 行级安全性,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50589871/