undefined | Better HN

0 pointsinfogulch3y ago0 comments

So they create table-valued functions which support the "SECURITY INVOKER" security context, and then select from that function to form the view. I suppose there's a feature request somewhere to support the "SECURITY INVOKER" feature for views directly?

0 comments

infogulchOP3y ago

Well well lookie here:

commitdiff 2022-03-22: Add support for security invoker views. - https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit...

discussion 2021-12-17: [PATCH] Add reloption for views to enable RLS - https://www.postgresql.org/message-id/b66dd6d6-ad3e-c6f2-8b9...

explanatory blog post: 2022-03-22: Waiting for PostgreSQL 15 – Add support for security invoker views. - https://www.depesz.com/2022/03/22/waiting-for-postgresql-15-...

This seems to be slated for PG15: https://www.postgresql.org/docs/15/release-15.html#id-1.11.6...

> E.1.3.1.6. Privileges: Allow view access to be controlled by privileges of the view user (Christoph Heiss) Previously, view access could only be based on the view owner.

Syntatically it will look like:

    CREATE VIEW vista WITH (security_invoker=true) AS SELECT 'Hello World';

j / k navigate · click thread line to collapse