Row-Level Security Policy
The row-level security feature enables database access control to be accurate to each row of data tables. In this way, the same SQL query may return different results for different users.
You can create a row-level security policy for a data table. The policy defines an expression that takes effect only for specific database users and SQL operations. When a database user accesses the data table, if an SQL statement meets the specified row-level security policies of the data table, the expressions that meet the specified condition will be combined by using AND or OR based on the attribute type (PERMISSIVE | RESTRICTIVE) and applied to the execution plan in the query optimization phase.
Row-level security policy is used to control the visibility of row-level data in tables. By predefining filters for data tables, the expressions that meet the specified condition can be applied to execution plans in the query optimization phase, which will affect the final execution result. Currently, the SQL statements that can be affected include SELECT, UPDATE, and DELETE.
Scenario 1: A table summarizes the data of different users. Users can view only their own data.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
-- Create users alice, bob, and peter. gaussdb=# CREATE USER alice PASSWORD '********'; gaussdb=# CREATE USER bob PASSWORD '********'; gaussdb=# CREATE USER peter PASSWORD '********'; -- Create the all_data table that contains user information. gaussdb=# CREATE TABLE all_data(id int, role varchar(100), data varchar(100)); -- Insert data into the data table. gaussdb=# INSERT INTO all_data VALUES(1, 'alice', 'alice data'); gaussdb=# INSERT INTO all_data VALUES(2, 'bob', 'bob data'); gaussdb=# INSERT INTO all_data VALUES(3, 'peter', 'peter data'); -- Grant the read permission for the all_data table to users alice, bob, and peter. gaussdb=# GRANT SELECT ON all_data TO alice, bob, peter; -- Enable row-level security policy. gaussdb=# ALTER TABLE all_data ENABLE ROW LEVEL SECURITY; -- Create a row-level security policy to specify that the current user can view only their own data. gaussdb=# CREATE ROW LEVEL SECURITY POLICY all_data_rls ON all_data USING(role = CURRENT_USER); -- View table details. gaussdb=# \d+ all_data Table "public.all_data" Column | Type | Modifiers | Storage | Stats target | Description --------+------------------------+-----------+----------+--------------+------------- id | integer | | plain | | role | character varying(100) | | extended | | data | character varying(100) | | extended | | Row Level Security Policies: POLICY "all_data_rls" FOR ALL TO public USING (((role)::name = "current_user"())) Has OIDs: no Distribute By: HASH(id) Location Nodes: ALL DATANODES Options: orientation=row, compression=no, enable_rowsecurity=true -- Switch to user alice and run SELECT * FROM public.all_data. gaussdb=# SELECT * FROM public.all_data; id | role | data ----+-------+------------ 1 | alice | alice data (1 row) gaussdb=# EXPLAIN(COSTS OFF) SELECT * FROM public.all_data; QUERY PLAN ---------------------------------------------------------------- Streaming (type: GATHER) Node/s: All datanodes -> Seq Scan on all_data Filter: ((role)::name = 'alice'::name) Notice: This query is influenced by row level security feature (5 rows) -- Switch to user peter and run SELECT * FROM public.all_data. gaussdb=# SELECT * FROM public.all_data; id | role | data ----+-------+------------ 3 | peter | peter data (1 row) gaussdb=# EXPLAIN(COSTS OFF) SELECT * FROM public.all_data; QUERY PLAN ---------------------------------------------------------------- Streaming (type: GATHER) Node/s: All datanodes -> Seq Scan on all_data Filter: ((role)::name = 'peter'::name) Notice: This query is influenced by row level security feature (5 rows) |
PG_STATISTIC and PG_STATISTIC_EXT store sensitive information about statistical objects, such as high-frequency MCVs. If the permission to query the two system catalogs is granted to a common user after the row-level security policy is created, the common user can still access the two system catalogs to obtain sensitive information in the statistical objects.
PG_STATS, PG_EXT_STATS, and PG_GTT_STATS are statistics query views and are used to verify users' SELECT permission on columns. If a common user has the SELECT permission and row-level security exists in the table, the common user may query some data that cannot be queried but appears frequently in the statistics. (The data is not the entire row but only a value of a column. The statistics are collected and calculated by column.)
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot