From 55a0982d1124f8a26926d172542fdc771ccdc594 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Tue, 18 Jan 2022 16:05:07 +0100 Subject: [PATCH 3/3] [PATCH v2 3/3] Add documentation for new security_invoker reloption on views Signed-off-by: Christoph Heiss --- doc/src/sgml/ref/alter_view.sgml | 10 ++++++++ doc/src/sgml/ref/create_view.sgml | 38 +++++++++++++++++++++++++------ 2 files changed, 41 insertions(+), 7 deletions(-) diff --git a/doc/src/sgml/ref/alter_view.sgml b/doc/src/sgml/ref/alter_view.sgml index 98c312c5bf..cb9df185e2 100644 --- a/doc/src/sgml/ref/alter_view.sgml +++ b/doc/src/sgml/ref/alter_view.sgml @@ -161,6 +161,16 @@ ALTER VIEW [ IF EXISTS ] name RESET + + security_invoker (boolean) + + + Changes the security-invoker property of the view. The value must + be Boolean value, such as true + or false. + + + diff --git a/doc/src/sgml/ref/create_view.sgml b/doc/src/sgml/ref/create_view.sgml index bf03287592..0507551c2d 100644 --- a/doc/src/sgml/ref/create_view.sgml +++ b/doc/src/sgml/ref/create_view.sgml @@ -152,6 +152,23 @@ CREATE VIEW [ schema . ] view_name + + + security_invoker (boolean) + + + If this option is set, it will cause all access to the underlying + tables to be checked as referenced by the invoking user, rather than + the view owner. This will only take effect when row level security is + enabled on the underlying tables (using + ALTER TABLE ... ENABLE ROW LEVEL SECURITY). + + This option can be changed on existing views using ALTER VIEW. See + for more details on row level security. + + + @@ -265,13 +282,20 @@ CREATE VIEW vista AS SELECT text 'Hello World' AS hello; - Access to tables referenced in the view is determined by permissions of - the view owner. In some cases, this can be used to provide secure but - restricted access to the underlying tables. However, not all views are - secure against tampering; see for - details. Functions called in the view are treated the same as if they had - been called directly from the query using the view. Therefore the user of - a view must have permissions to call all functions used by the view. + By default, access to tables referenced in the view is determined by + permissions of the view owner. In some cases, this can be used to provide + secure but restricted access to the underlying tables. However, not all + views are secure against tampering; see + for details. Functions called in the view are treated the same as if they + had been called directly from the query using the view. Therefore the user + of a view must have permissions to call all functions used by the view. + + + + If the security_invoker option is set on the view, + access to tables is determined by permissions of the invoking user, rather + than the view owner. This can be used to provide stricter permission + checking to the underlying tables than by default. -- 2.34.1