1 /*-------------------------------------------------------------------------
2  *
3  * rls.h
4  *	  Header file for Row Level Security (RLS) utility commands to be used
5  *	  with the rowsecurity feature.
6  *
7  * Copyright (c) 2007-2017, PostgreSQL Global Development Group
8  *
9  * src/include/utils/rls.h
10  *
11  *-------------------------------------------------------------------------
12  */
13 #ifndef RLS_H
14 #define RLS_H
15 
16 /* GUC variable */
17 extern bool row_security;
18 
19 /*
20  * Used by callers of check_enable_rls.
21  *
22  * RLS could be completely disabled on the tables involved in the query,
23  * which is the simple case, or it may depend on the current environment
24  * (the role which is running the query or the value of the row_security
25  * GUC), or it might be simply enabled as usual.
26  *
27  * If RLS isn't on the table involved then RLS_NONE is returned to indicate
28  * that we don't need to worry about invalidating the query plan for RLS
29  * reasons.  If RLS is on the table, but we are bypassing it for now, then
30  * we return RLS_NONE_ENV to indicate that, if the environment changes,
31  * we need to invalidate and replan.  Finally, if RLS should be turned on
32  * for the query, then we return RLS_ENABLED, which means we also need to
33  * invalidate if the environment changes.
34  *
35  * Note that RLS_ENABLED will also be returned if noError is true
36  * (indicating that the caller simply want to know if RLS should be applied
37  * for this user but doesn't want an error thrown if it is; this is used
38  * by other error cases where we're just trying to decide if data from the
39  * table should be passed back to the user or not).
40  */
41 enum CheckEnableRlsResult
42 {
43 	RLS_NONE,
44 	RLS_NONE_ENV,
45 	RLS_ENABLED
46 };
47 
48 extern int	check_enable_rls(Oid relid, Oid checkAsUser, bool noError);
49 
50 #endif							/* RLS_H */
51