1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
/*-------------------------------------------------------------------------
*
* rls.h
* Header file for Row Level Security (RLS) utility commands to be used
* with the rowsecurity feature.
*
* Copyright (c) 2007-2023, PostgreSQL Global Development Group
*
* src/include/utils/rls.h
*
*-------------------------------------------------------------------------
*/
#ifndef RLS_H
#define RLS_H
/* GUC variable */
extern __thread PGDLLIMPORT bool row_security;
/*
* Used by callers of check_enable_rls.
*
* RLS could be completely disabled on the tables involved in the query,
* which is the simple case, or it may depend on the current environment
* (the role which is running the query or the value of the row_security
* GUC), or it might be simply enabled as usual.
*
* If RLS isn't on the table involved then RLS_NONE is returned to indicate
* that we don't need to worry about invalidating the query plan for RLS
* reasons. If RLS is on the table, but we are bypassing it for now, then
* we return RLS_NONE_ENV to indicate that, if the environment changes,
* we need to invalidate and replan. Finally, if RLS should be turned on
* for the query, then we return RLS_ENABLED, which means we also need to
* invalidate if the environment changes.
*
* Note that RLS_ENABLED will also be returned if noError is true
* (indicating that the caller simply want to know if RLS should be applied
* for this user but doesn't want an error thrown if it is; this is used
* by other error cases where we're just trying to decide if data from the
* table should be passed back to the user or not).
*/
enum CheckEnableRlsResult
{
RLS_NONE,
RLS_NONE_ENV,
RLS_ENABLED
};
extern int check_enable_rls(Oid relid, Oid checkAsUser, bool noError);
#endif /* RLS_H */
|