kha*_*ldi 7 sql postgresql row-level-security
我希望表中的行只能访问组的成员.我通过以下方法创建用户并将其添加到组中,
CREATE USER abc LOGIN PASSWORD 'securedpassword1';
CREATE USER xyz LOGIN PASSWORD 'securedpassword2';
ALTER GROUP permanent ADD USER abc;
然后我写的策略使它只对当前用户可访问.但我需要整个小组才能访问它.
CREATE TABLE table_Workers
(
worID INT
,worName CHARACTER VARYING
,pgUser CHARACTER VARYING
);
INSERT INTO table_Workers VALUES
(1,'Jason','abc'),(2,'Roy','abc'),(3,'Johny','abc')
,(4,'Jane','xyz'),(5,'Kane','xyz'),(6,'Stuart','xyz');
CREATE POLICY policy_employee_user ON table_Workers FOR ALL
TO PUBLIC USING (pgUser = current_user);
ALTER TABLE table_Workers ENABLE ROW LEVEL SECURITY;
pgUser命名可以访问该行的用户.我希望用pgRole替换列pgUser,其中提到了组的名称,其成员可以访问该特定行.任何提示或方法都可以使整个组可以访问行.
小智 1
这似乎有效:
CREATE TABLE workers
(
worid int,
worname text,
pgrole text[]
);
INSERT INTO workers
VALUES
(1,'Jason','{group1}'),
(2,'Roy','{group1,group2}'),
(3,'Johny','{group1}');
CREATE POLICY policy_employee_user ON workers FOR ALL
TO PUBLIC
USING ( (select count(*)
from unnest(pgrole) r
where pg_has_role(current_user, r, 'MEMBER')) > 0 );
ALTER TABLE workers ENABLE ROW LEVEL SECURITY;
| 归档时间: |
|
| 查看次数: |
232 次 |
| 最近记录: |