Difference between revisions of "Postgres Access Control"

From UVOO Tech Wiki
Jump to navigation Jump to search
Line 1: Line 1:
https://www.enterprisedb.com/postgres-tutorials/how-implement-column-and-row-level-security-postgresql
+
# Setup test database and tables
 +
```
 +
CREATE DATABASE test_database;
 +
\c test_database
  
https://www.techonthenet.com/postgresql/grant_revoke.php
+
CREATE TABLE contacts(
 +
    name TEXT NOT NULL,
 +
    rls_role text DEFAULT current_user
 +
);
 +
create role joe1;
 +
create role joe2;
 +
GRANT SELECT, INSERT, UPDATE, DELETE ON contacts to joe1,joe2;
 +
ALTER TABLE contacts ENABLE ROW LEVEL SECURITY;
 +
CREATE POLICY public_contacts_rls_policy ON public.contacts USING (rls_role=current_user);
 +
 
 +
 
 +
 
 +
set role joe1
 +
insert into contacts (name) values ('joe1 1');
 +
insert into contacts (name) values ('joe1 2');
 +
select * from contacts;
 +
 
 +
set role joe2
 +
insert into contacts (name) values ('joe2 1');
 +
insert into contacts (name) values ('joe2 2');
 +
select * from contacts;
 +
update contacts set name = 'joe2 1 updated' where name ='joe2 1'
 +
delete * from contacts;
 +
```
 +
 
 +
# Disable temporarily
 +
```
 +
ALTER TABLE contacts DISABLE ROW LEVEL SECURITY;
 +
... do stuff
 +
ALTER TABLE contacts ENABLE ROW LEVEL SECURITY;
 +
```
 +
 
 +
# Use different schema then default public
 +
```
 +
CREATE SCHEMA test_schema;
 +
ALTER USER postgres SET search_path = tester, public;
 +
SELECT * from information_schema.schemata;
 +
```
 +
 
 +
# Refs
 +
- https://www.enterprisedb.com/postgres-tutorials/how-implement-column-and-row-level-security-postgresql
 +
- https://www.techonthenet.com/postgresql/grant_revoke.php

Revision as of 23:44, 16 January 2021

Setup test database and tables

CREATE DATABASE test_database;
\c test_database

CREATE TABLE contacts(
    name TEXT NOT NULL,
    rls_role text DEFAULT current_user
);
create role joe1;
create role joe2;
GRANT SELECT, INSERT, UPDATE, DELETE ON contacts to joe1,joe2;
ALTER TABLE contacts ENABLE ROW LEVEL SECURITY;
CREATE POLICY public_contacts_rls_policy ON public.contacts USING (rls_role=current_user);



set role joe1
insert into contacts (name) values ('joe1 1');
insert into contacts (name) values ('joe1 2');
select * from contacts;

set role joe2
insert into contacts (name) values ('joe2 1');
insert into contacts (name) values ('joe2 2');
select * from contacts;
update contacts set name = 'joe2 1 updated' where name ='joe2 1'
delete * from contacts;

Disable temporarily

ALTER TABLE contacts DISABLE ROW LEVEL SECURITY;
... do stuff
ALTER TABLE contacts ENABLE ROW LEVEL SECURITY;

Use different schema then default public

CREATE SCHEMA test_schema;
ALTER USER postgres SET search_path = tester, public;
SELECT * from information_schema.schemata;

Refs

Retrieved from "https://tech.uvoo.io/index.php?title=Postgres_Access_Control&oldid=1107"