我希望表中的行仅可由组成员访问。我创建用户并通过以下方法将其添加到组中,
CREATE USER abc LOGIN PASSWORD 'securedpassword1'; CREATE USER xyz LOGIN PASSWORD 'securedpassword2'; ALTER GROUP permanent ADD USER abc;
然后,我编写的策略使其仅对当前用户可用。但是我需要整个小组来访问它。
CREATE TABLE table_Workers ( worID INT ,worName CHARACTER VARYING ,pgUser CHARACTER VARYING ); INSERT INTO table_Workers VALUES (1,'Jason','abc'),(2,'Roy','abc'),(3,'Johny','abc') ,(4,'Jane','xyz'),(5,'Kane','xyz'),(6,'Stuart','xyz'); CREATE POLICY policy_employee_user ON table_Workers FOR ALL TO PUBLIC USING (pgUser = current_user); ALTER TABLE table_Workers ENABLE ROW LEVEL SECURITY;
pgUser命名可以访问该行的用户。我希望将pgUser列替换为pgRole,其中提到了组的名称,该组的成员可以访问该特定行。任何使行可被整个组访问的提示或方法都是值得赞赏的。
这似乎可行:
CREATE TABLE workers ( worid int, worname text, pgrole text[] ); INSERT INTO workers VALUES (1,'Jason','{group1}'), (2,'Roy','{group1,group2}'), (3,'Johny','{group1}'); CREATE POLICY policy_employee_user ON workers FOR ALL TO PUBLIC USING ( (select count(*) from unnest(pgrole) r where pg_has_role(current_user, r, 'MEMBER')) > 0 ); ALTER TABLE workers ENABLE ROW LEVEL SECURITY;
