ALTER VIEW <replaceable class="parameter">name</replaceable> OWNER TO <replaceable class="PARAMETER">new_owner</replaceable>

ALTER VIEW <replaceable class="parameter">name</replaceable> RENAME TO <replaceable class="parameter">new_name</replaceable>

ALTER VIEW <replaceable class="parameter">name</replaceable> SET SCHEMA <replaceable class="parameter">new_schema</replaceable>

ALTER VIEW <replaceable class="parameter">name</replaceable> SET ( <replaceable class="parameter">view_option_name</replaceable> [= <replaceable class="parameter">view_option_value</replaceable>] [, ... ] )

ALTER VIEW <replaceable class="parameter">name</replaceable> RESET ( <replaceable class="parameter">view_option_name</replaceable> [, ... ] )

</synopsis>

</refsynopsisdiv>

</para>

</listitem>

</varlistentry>

<varlistentry>

<term><replaceable class="parameter">view_option_name</replaceable></term>

<listitem>

<para>

The name of a view option to be set or reset.

</para>

</listitem>

</varlistentry>

<varlistentry>

<term><replaceable class="parameter">view_option_name</replaceable></term>

<listitem>

<para>

The new value for a view option.

</para>

</listitem>

</varlistentry>

</variablelist>

</refsect1>

<refsynopsisdiv>

<synopsis>

CREATE [ OR REPLACE ] [ TEMP | TEMPORARY ] VIEW <replaceable class="PARAMETER">name</replaceable> [ ( <replaceable class="PARAMETER">column_name</replaceable> [, ...] ) ]

[ WITH ( <replaceable class="PARAMETER">view_option_name</replaceable> [= <replaceable class="PARAMETER">view_option_value</replaceable>] [, ... ] ) ]

AS <replaceable class="PARAMETER">query</replaceable>

</synopsis>

</refsynopsisdiv>

</listitem>

</varlistentry>

<varlistentry>

<term><literal>WITH ( <replaceable class="PARAMETER">view_option_name</replaceable> [= <replaceable class="PARAMETER">view_option_value</replaceable>] [, ... ] )</literal></term>

<listitem>

<para>

This clause specifies optional parameters for a view; currently, the

only suppored parameter name is <literal>security_barrier</literal>,

which should be enabled when a view is intended to provide row-level

security. See <xref linkend="rules-privileges"> for full details.

</para>

</listitem>

</varlistentry>

<varlistentry>

<term><replaceable class="parameter">query</replaceable></term>

<listitem>

<para>

Note that while views can be used to hide the contents of certain

columns using the technique shown above, they cannot be used to reliably

conceal the data in unseen rows. For example, the following view is

insecure:

conceal the data in unseen rows unless the

<literal>security_barrier</literal> flag has been set. For example,

the following view is insecure:

<programlisting>

CREATE VIEW phone_number AS

SELECT person, phone FROM phone_data WHERE phone NOT LIKE '412%';

which references <literal>shoelace_log</> is an unqualified

<literal>INSERT</>. This might not be true in more complex scenarios.

</para>

<para>

When it is necessary for a view to provide row-level security, the

<literal>security_barrier</literal> attribute should be applied to

the view. This prevents maliciously-chosen functions and operators from

being invoked on rows until afterthe view has done its work. For

example, if the view shown above had been created like this, it would

be secure:

<programlisting>

CREATE VIEW phone_number WITH (security_barrier) AS

SELECT person, phone FROM phone_data WHERE phone NOT LIKE '412%';

</programlisting>

Views created with the <literal>security_barrier</literal> may perform

far worse than views created without this option. In general, there is

no way to avoid this: the fastest possible plan must be rejected

if it may compromise security. For this reason, this option is not

enabled by default.

</para>

<para>

It is important to understand that even a view created with the

<literal>security_barrier</literal> option is intended to be secure only

in the limited sense that the contents of the invisible tuples will not

passed to possibly-insecure functions. The user may well have other means

of making inferences about the unseen data; for example, they can see the

query plan using <command>EXPLAIN</command>, or measure the runtime of

queries against the view. A malicious attacker might be able to infer

something about the amount of unseen data, or even gain some information

about the data distribution or most common values (since these things may

affect the runtime of the plan; or even, since they are also reflected in

the optimizer statistics, the choice of plan). If these types of "covert

channel" attacks are of concern, it is probably unwise to grant any access

to the data at all.

</para>

</sect1>

<sect1 id="rules-status">

},

true

},

{

{

"security_barrier",

"View acts as a row security barrier",

},

false

},

{{NULL}}

};

{

caseRELKIND_RELATION:

caseRELKIND_TOASTVALUE:

caseRELKIND_VIEW:

caseRELKIND_UNCATALOGED:

options=heap_reloptions(classForm->relkind,datum, false);

break;

{"autovacuum_vacuum_scale_factor",RELOPT_TYPE_REAL,

offsetof(StdRdOptions,autovacuum)+offsetof(AutoVacOpts,vacuum_scale_factor)},

{"autovacuum_analyze_scale_factor",RELOPT_TYPE_REAL,

offsetof(StdRdOptions,autovacuum)+offsetof(AutoVacOpts,analyze_scale_factor)}

offsetof(StdRdOptions,autovacuum)+offsetof(AutoVacOpts,analyze_scale_factor)},

{"security_barrier",RELOPT_TYPE_BOOL,

offsetof(StdRdOptions,security_barrier)},

};

options=parseRelOptions(reloptions,validate,kind,&numoptions);

}

heap_reloptions(charrelkind,Datumreloptions,boolvalidate)

return (bytea*)rdopts;

caseRELKIND_RELATION:

returndefault_reloptions(reloptions,validate,RELOPT_KIND_HEAP);

caseRELKIND_VIEW:

returndefault_reloptions(reloptions,validate,RELOPT_KIND_VIEW);

default:

returnNULL;

staticvoidATPrepSetTableSpace(AlteredTableInfo*tab,Relationrel,

char*tablespacename,LOCKMODElockmode);

staticvoidATExecSetTableSpace(OidtableOid,OidnewTableSpace,LOCKMODElockmode);

staticvoidATExecSetRelOptions(Relationrel,List*defList,boolisReset,LOCKMODElockmode);

staticvoidATExecSetRelOptions(Relationrel,List*defList,

AlterTableTypeoperation,

LOCKMODElockmode);

staticvoidATExecEnableDisableTrigger(Relationrel,char*trigname,

charfires_when,boolskip_system,LOCKMODElockmode);

staticvoidATExecEnableDisableRule(Relationrel,char*rulename,

caseAT_DropCluster:

caseAT_SetRelOptions:

caseAT_ResetRelOptions:

caseAT_ReplaceRelOptions:

caseAT_SetOptions:

caseAT_ResetOptions:

caseAT_SetStorage:

pass=AT_PASS_MISC;/* doesn't actually matter */

break;

caseAT_SetRelOptions:/* SET (...) */

caseAT_ResetRelOptions:/* RESET (...) */

ATSimplePermissions(rel,ATT_TABLE |ATT_INDEX);

caseAT_ResetRelOptions:/* RESET (...) */

caseAT_ReplaceRelOptions:/* reset them all, then set just these */

ATSimplePermissions(rel,ATT_TABLE |ATT_INDEX |ATT_VIEW);

pass=AT_PASS_MISC;

break;

caseAT_SetRelOptions:/* SET (...) */

ATExecSetRelOptions(rel, (List*)cmd->def, false,lockmode);

break;

caseAT_ResetRelOptions:/* RESET (...) */

ATExecSetRelOptions(rel, (List*)cmd->def, true,lockmode);

caseAT_ReplaceRelOptions:/* replace entire option list */

ATExecSetRelOptions(rel, (List*)cmd->def,cmd->subtype,lockmode);

break;

caseAT_EnableTrig:/* ENABLE TRIGGER name */

ATExecEnableDisableTrigger(rel,cmd->name,

TRIGGER_FIRES_ON_ORIGIN, false,lockmode);

}

ATExecSetRelOptions(Relationrel,List*defList,boolisReset,LOCKMODElockmode)

ATExecSetRelOptions(Relationrel,List*defList,AlterTableTypeoperation,

LOCKMODElockmode)

{

Oidrelid;

Relationpgclass;

boolrepl_repl[Natts_pg_class];

staticchar*validnsps[]=HEAP_RELOPT_NAMESPACES;

if (defList==NIL)

if (defList==NIL&&operation!=AT_ReplaceRelOptions)

return;/* nothing to do */

pgclass=heap_open(RelationRelationId,RowExclusiveLock);

relid=RelationGetRelid(rel);

tuple=SearchSysCache1(RELOID,ObjectIdGetDatum(relid));

if (!HeapTupleIsValid(tuple))

elog(ERROR,"cache lookup failed for relation %u",relid);

datum=SysCacheGetAttr(RELOID,tuple,Anum_pg_class_reloptions,&isnull);

if (operation==AT_ReplaceRelOptions)

{

datum= (Datum)0;

isnull= true;

}

{

datum=SysCacheGetAttr(RELOID,tuple,Anum_pg_class_reloptions,

&isnull);

}

newOptions=transformRelOptions(isnull ? (Datum)0 :datum,

defList,NULL,validnsps, false,isReset);

defList,NULL,validnsps, false,

operation==AT_ResetRelOptions);

switch (rel->rd_rel->relkind)

{

caseRELKIND_RELATION:

caseRELKIND_TOASTVALUE:

caseRELKIND_VIEW:

(void)heap_reloptions(rel->rd_rel->relkind,newOptions, true);

break;

caseRELKIND_INDEX:

toastrel=heap_open(toastid,lockmode);

tuple=SearchSysCache1(RELOID,ObjectIdGetDatum(toastid));

if (!HeapTupleIsValid(tuple))

elog(ERROR,"cache lookup failed for relation %u",toastid);

datum=SysCacheGetAttr(RELOID,tuple,Anum_pg_class_reloptions,&isnull);

if (operation==AT_ReplaceRelOptions)

{

datum= (Datum)0;

isnull= true;

}

{

datum=SysCacheGetAttr(RELOID,tuple,Anum_pg_class_reloptions,

&isnull);

}

newOptions=transformRelOptions(isnull ? (Datum)0 :datum,

defList,"toast",validnsps, false,isReset);

defList,"toast",validnsps, false,

operation==AT_ResetRelOptions);

(void)heap_reloptions(RELKIND_TOASTVALUE,newOptions, true);

staticvoidcheckViewTupleDesc(TupleDescnewdesc,TupleDescolddesc);

DefineVirtualRelation(constRangeVar*relation,List*tlist,boolreplace,

OidnamespaceId)

OidnamespaceId,List*options)

{

OidviewOid;

CreateStmt*createStmt=makeNode(CreateStmt);

{

Relationrel;

TupleDescdescriptor;

List*atcmds=NIL;

AlterTableCmd*atcmd;

descriptor=BuildDescForRelation(attrList);

checkViewTupleDesc(descriptor,rel->rd_att);

atcmd=makeNode(AlterTableCmd);

atcmd->subtype=AT_ReplaceRelOptions;

atcmd->def= (Node*)options;

atcmds=lappend(atcmds,atcmd);

if (list_length(attrList)>rel->rd_att->natts)

{

List*atcmds=NIL;

ListCell*c;

intskip=rel->rd_att->natts;

foreach(c,attrList)

{

AlterTableCmd*atcmd;

if (skip>0)

{

skip--;

atcmd->def= (Node*)lfirst(c);

atcmds=lappend(atcmds,atcmd);

}

AlterTableInternal(viewOid,atcmds, true);

}

AlterTableInternal(viewOid,atcmds, true);

createStmt->tableElts=attrList;

createStmt->inhRelations=NIL;

createStmt->constraints=NIL;

createStmt->options=list_make1(defWithOids(false));

createStmt->options=options;

createStmt->options=lappend(options,defWithOids(false));

createStmt->oncommit=ONCOMMIT_NOOP;

createStmt->tablespacename=NULL;

createStmt->if_not_exists= false;

viewOid=DefineVirtualRelation(view,viewParse->targetList,

stmt->replace,namespaceId);

stmt->replace,namespaceId,stmt->options);