/*-------------------------------------------------------------------------
 *
 * rls.h
 *	  Header file for Row Level Security (RLS) utility commands to be used
 *	  with the rowsecurity feature.
 *
 * Copyright (c) 2007-2015, PostgreSQL Global Development Group
 *
 * src/include/utils/rls.h
 *
 *-------------------------------------------------------------------------
 */
#ifndef RLS_H
#define RLS_H

/*
 * GUC variable.  Holds one of the RowSecurityConfigType values; it is
 * declared as a plain int, so the compiler does not restrict it to the
 * enumerators.
 */
extern int	row_security;

/*
 * Possible values for row_security GUC.
 *
 * This setting takes part in deciding whether row-level policies are applied
 * to a query, so it is an access-control input and not just a tuning knob.
 * Going by the per-value comments: OFF does not silently expose rows, since
 * an error is thrown when the needed privilege is missing; FORCE extends
 * policy enforcement to superusers and table owners, which suggests those
 * roles are not subject to policies under ON.
 *
 * NOTE(review): which privilege OFF checks for is not visible in this
 * header; confirm against the implementation of check_enable_rls.
 */
typedef enum RowSecurityConfigType
{
	ROW_SECURITY_OFF,			/* RLS never applied; error thrown if no priv */
	ROW_SECURITY_ON,			/* normal case, RLS applied for regular users */
	ROW_SECURITY_FORCE			/* RLS applied for superusers and table owners */
}	RowSecurityConfigType;

/*
 * Used by callers of check_enable_rls.
 *
 * RLS could be completely disabled on the tables involved in the query,
 * which is the simple case, or it may depend on the current environment
 * (the role which is running the query or the value of the row_security
 * GUC: on, off, or force), or it might be simply enabled as usual.
 *
 * If RLS isn't on the table involved then RLS_NONE is returned to indicate
 * that we don't need to worry about invalidating the query plan for RLS
 * reasons.  If RLS is on the table, but we are bypassing it for now, then
 * we return RLS_NONE_ENV to indicate that, if the environment changes,
 * we need to invalidate and replan.  Finally, if RLS should be turned on
 * for the query, then we return RLS_ENABLED, which means we also need to
 * invalidate if the environment changes.
 *
 * Note that RLS_ENABLED will also be returned if noError is true
 * (indicating that the caller simply wants to know if RLS should be applied
 * for this user but doesn't want an error thrown if it is; this is used
 * by other error cases where we're just trying to decide if data from the
 * table should be passed back to the user or not).
 *
 * Only RLS_ENABLED says that policies are to be applied to the query, while
 * both RLS_NONE_ENV and RLS_ENABLED tie the plan to the current role and
 * row_security setting.  Reusing such a plan after either of those changes,
 * without replanning, could return rows the policies would have filtered.
 *
 * The enumerators take the values 0, 1 and 2 in declaration order.
 * check_enable_rls is declared to return int, so its result is compared
 * against these constants without the compiler checking the enum type.
 */
enum CheckEnableRlsResult
{
	RLS_NONE,					/* RLS not on the table; no RLS replan needed */
	RLS_NONE_ENV,				/* RLS on table but bypassed; replan on env change */
	RLS_ENABLED					/* RLS to be applied; replan on env change */
};

/*
 * Report whether RLS applies to a relation.  The result is one of the
 * CheckEnableRlsResult values, returned as int.
 *
 * relid:       the relation to check.
 * checkAsUser: NOTE(review): presumably the role whose privileges are
 *              evaluated; its handling is not visible in this header, so
 *              confirm against the implementation.
 * noError:     when true, RLS_ENABLED is returned instead of an error being
 *              thrown (see the comment on CheckEnableRlsResult).  That
 *              comment describes this mode as deciding whether table data
 *              should be passed back to the user, so a caller using it is
 *              expected to withhold the data itself on RLS_ENABLED.
 */
extern int	check_enable_rls(Oid relid, Oid checkAsUser, bool noError);

#endif   /* RLS_H */