PostgreSQL - 在关系策略中检测到无限递归
PostgreSQL - infinite recursion detected in policy for relation
数据库中有 3 tables - 部门、员工、客户。一个部门有很多员工。员工包含列 department_id bigint
帐户 table 包含列 login varchar
、employee_id bigint
并用于将 Postgres 用户(角色)绑定到员工中的行。
我的目标是让用户仅查看和使用那些 department_id
的值与用户相同的 Employee 行。
一定是这样的:
CREATE POLICY locale_policy ON employee
TO justuser, operator
USING (department_id =
(SELECT department_id FROM employee WHERE id =
(SELECT employee_id FROM account WHERE login = CURRENT_USER)
)
)
但是由于来自 Employee 的子查询,它正在引发 infinite recursion detected in policy for relation employee
。
编辑:关系定义为:
create table department(
id serial primary key);
create table employee(
id serial primary key,
department_id int8 not null references department(id));
create table account(
id serial primary key,
login varchar(100) not null unique,
employee_id int8 not null unique references employee(id));
唉 rexter 不允许创建角色..
http://rextester.com/QDYC6798
create table department(
id serial primary key);
create table employee(
id serial primary key,
department_id int8 not null references department(id));
create table account(
id serial primary key,
login varchar(100) not null unique,
employee_id int8 not null unique references employee(id));
insert into department default values;
insert into department default values;
insert into employee (department_id ) select 1;
insert into employee (department_id ) select 2;
insert into account (login,employee_id) select 'justuser',1;
insert into account (login,employee_id) select 'operator',2;
create role justuser;
create role operator;
set role justuser;
select * from employee;
无法重现。这不是答案 - 只是一个格式化的脚本。解决后我会删除它
好吧,我不知道它有多体面,但它对我有用。我找到了创建视图的解决方案,其中是 current_user 部门的 ID,然后检查它是否匹配:
CREATE VIEW curr_department AS
(SELECT department_id as id FROM employee WHERE id =
(SELECT employee_id FROM account WHERE login = current_user)
);
CREATE POLICY locale_policy ON employee
TO justuser, operator
USING (department_id =
(SELECT id FROM curr_department)
);
数据库中有 3 tables - 部门、员工、客户。一个部门有很多员工。员工包含列 department_id bigint
帐户 table 包含列 login varchar
、employee_id bigint
并用于将 Postgres 用户(角色)绑定到员工中的行。
我的目标是让用户仅查看和使用那些 department_id
的值与用户相同的 Employee 行。
一定是这样的:
CREATE POLICY locale_policy ON employee
TO justuser, operator
USING (department_id =
(SELECT department_id FROM employee WHERE id =
(SELECT employee_id FROM account WHERE login = CURRENT_USER)
)
)
但是由于来自 Employee 的子查询,它正在引发 infinite recursion detected in policy for relation employee
。
编辑:关系定义为:
create table department(
id serial primary key);
create table employee(
id serial primary key,
department_id int8 not null references department(id));
create table account(
id serial primary key,
login varchar(100) not null unique,
employee_id int8 not null unique references employee(id));
唉 rexter 不允许创建角色.. http://rextester.com/QDYC6798
create table department(
id serial primary key);
create table employee(
id serial primary key,
department_id int8 not null references department(id));
create table account(
id serial primary key,
login varchar(100) not null unique,
employee_id int8 not null unique references employee(id));
insert into department default values;
insert into department default values;
insert into employee (department_id ) select 1;
insert into employee (department_id ) select 2;
insert into account (login,employee_id) select 'justuser',1;
insert into account (login,employee_id) select 'operator',2;
create role justuser;
create role operator;
set role justuser;
select * from employee;
无法重现。这不是答案 - 只是一个格式化的脚本。解决后我会删除它
好吧,我不知道它有多体面,但它对我有用。我找到了创建视图的解决方案,其中是 current_user 部门的 ID,然后检查它是否匹配:
CREATE VIEW curr_department AS
(SELECT department_id as id FROM employee WHERE id =
(SELECT employee_id FROM account WHERE login = current_user)
);
CREATE POLICY locale_policy ON employee
TO justuser, operator
USING (department_id =
(SELECT id FROM curr_department)
);