组的行级安全性或使行加入组

kha*_*ldi 7 sql postgresql row-level-security

我希望表中的行只能访问组的成员.我通过以下方法创建用户并将其添加到组中,

CREATE USER abc LOGIN PASSWORD 'securedpassword1';
CREATE USER xyz LOGIN PASSWORD 'securedpassword2';

ALTER GROUP permanent ADD USER abc;
Run Code Online (Sandbox Code Playgroud)

然后我写的策略使它只对当前用户可访问.但我需要整个小组才能访问它.

CREATE TABLE table_Workers
(
    worID INT
    ,worName CHARACTER VARYING
    ,pgUser CHARACTER VARYING
);
INSERT INTO table_Workers VALUES 
(1,'Jason','abc'),(2,'Roy','abc'),(3,'Johny','abc')
,(4,'Jane','xyz'),(5,'Kane','xyz'),(6,'Stuart','xyz');


CREATE POLICY policy_employee_user ON table_Workers FOR ALL
TO PUBLIC USING (pgUser = current_user);

ALTER TABLE table_Workers ENABLE ROW LEVEL SECURITY;
Run Code Online (Sandbox Code Playgroud)

pgUser命名可以访问该行的用户.我希望用pgRole替换列pgUser,其中提到了组的名称,其成员可以访问该特定行.任何提示或方法都可以使整个组可以访问行.

小智 1

这似乎有效:

CREATE TABLE workers
(
    worid   int,
    worname text,
    pgrole text[]
);

INSERT INTO workers 
VALUES 
  (1,'Jason','{group1}'),
  (2,'Roy','{group1,group2}'),
  (3,'Johny','{group1}');

CREATE POLICY policy_employee_user ON workers FOR ALL
TO PUBLIC 
   USING ( (select count(*) 
            from unnest(pgrole) r 
            where pg_has_role(current_user, r, 'MEMBER')) > 0 );

ALTER TABLE workers ENABLE ROW LEVEL SECURITY;
Run Code Online (Sandbox Code Playgroud)