Pow*_*der 5 sql postgresql policy row-level-security
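There are 3 tables in the database: department, employee and account. One department has many employees. Employee contains the column department_id bigint. The Account table contains the columns login varchar and employee_id bigint, which are used to bind a Postgres user (role) to a row in Employee.
My goal is to let users see and work with only those rows of Employee whose department_id is the same as the user's.
There must be something like: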
CREATE POLICY locale_policy ON employee
TO justuser, operator
USING (department_id =
(SELECT department_id FROM employee WHERE id =
(SELECT employee_id FROM account WHERE login = CURRENT_USER)
)
)
But because of the subquery on Employee, it raises "infinite recursion detected in policy for relation employee".
EDIT: the relations are defined as:
create table department(
id serial primary key);
create table employee(
id serial primary key,
department_id int8 not null references department(id));
create table account(
id serial primary key,
login varchar(100) not null unique,
employee_id int8 not null unique references employee(id));
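Well, I don't know how good it is, but it works for me. I found a solution: create a view that contains the department id of current_user, and then check whether it matches: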
CREATE VIEW curr_department AS
(SELECT department_id as id FROM employee WHERE id =
(SELECT employee_id FROM account WHERE login = current_user)
);
CREATE POLICY locale_policy ON employee
TO justuser, operator
USING (department_id =
(SELECT id FROM curr_department)
);
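An alternative to the view above, as an added example that is not part of the original post: a SECURITY DEFINER function looks up the caller's department with the owner's privileges, so the policy no longer reads employee under row security. The function name current_department_id, the public schema and the login alice are assumptions; the tables and roles are the ones from the question.

```sql
-- Added example, not the poster's code. Run as the owner of employee/account.
-- current_department_id() is a hypothetical helper name; schema "public" is assumed.

-- SECURITY DEFINER: the body runs as the function owner. A table owner is
-- exempt from row security unless FORCE ROW LEVEL SECURITY is set, so this
-- inner read of employee does not re-enter locale_policy.
CREATE FUNCTION public.current_department_id() RETURNS bigint
LANGUAGE sql STABLE SECURITY DEFINER
SET search_path = pg_catalog, pg_temp   -- pin the path; objects below are schema-qualified
AS $$
    SELECT e.department_id
    FROM public.employee e
    JOIN public.account a ON a.employee_id = e.id
    -- Inside a SECURITY DEFINER function current_user is the function owner,
    -- so the login must be matched against session_user instead.
    WHERE a.login = session_user;
$$;

-- Functions are executable by PUBLIC by default; restrict to the policy's roles.
REVOKE ALL ON FUNCTION public.current_department_id() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION public.current_department_id() TO justuser, operator;

ALTER TABLE public.employee ENABLE ROW LEVEL SECURITY;

DROP POLICY IF EXISTS locale_policy ON public.employee;
CREATE POLICY locale_policy ON public.employee
    TO justuser, operator
    -- Rows visible to SELECT/UPDATE/DELETE.
    USING (department_id = public.current_department_id())
    -- Rows allowed by INSERT/UPDATE; same rule, so a user cannot move a row
    -- into another department. (Omitting WITH CHECK would default to USING.)
    WITH CHECK (department_id = public.current_department_id());

-- Verification as a superuser. 'alice' is a constructed login: a role that is
-- a member of justuser and has a row in account.
SET SESSION AUTHORIZATION alice;
SELECT count(DISTINCT department_id) AS visible_departments
FROM public.employee;                    -- at most 1 for a restricted user
RESET SESSION AUTHORIZATION;
```

A login with no row in account gets NULL from the function, so the policy matches no rows for it. Because the function keys on session_user, a session that switches roles with SET ROLE is still filtered by the login it connected with.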