1 /*------------------------------------------------------------------------- 2 * 3 * rls.h 4 * Header file for Row Level Security (RLS) utility commands to be used 5 * with the rowsecurity feature. 6 * 7 * Copyright (c) 2007-2021, PostgreSQL Global Development Group 8 * 9 * src/include/utils/rls.h 10 * 11 *------------------------------------------------------------------------- 12 */ 13 #ifndef RLS_H 14 #define RLS_H 15 16 /* GUC variable */ 17 extern bool row_security; 18 19 /* 20 * Used by callers of check_enable_rls. 21 * 22 * RLS could be completely disabled on the tables involved in the query, 23 * which is the simple case, or it may depend on the current environment 24 * (the role which is running the query or the value of the row_security 25 * GUC), or it might be simply enabled as usual. 26 * 27 * If RLS isn't on the table involved then RLS_NONE is returned to indicate 28 * that we don't need to worry about invalidating the query plan for RLS 29 * reasons. If RLS is on the table, but we are bypassing it for now, then 30 * we return RLS_NONE_ENV to indicate that, if the environment changes, 31 * we need to invalidate and replan. Finally, if RLS should be turned on 32 * for the query, then we return RLS_ENABLED, which means we also need to 33 * invalidate if the environment changes. 34 * 35 * Note that RLS_ENABLED will also be returned if noError is true 36 * (indicating that the caller simply want to know if RLS should be applied 37 * for this user but doesn't want an error thrown if it is; this is used 38 * by other error cases where we're just trying to decide if data from the 39 * table should be passed back to the user or not). 40 */ 41 enum CheckEnableRlsResult 42 { 43 RLS_NONE, 44 RLS_NONE_ENV, 45 RLS_ENABLED 46 }; 47 48 extern int check_enable_rls(Oid relid, Oid checkAsUser, bool noError); 49 50 #endif /* RLS_H */ 51