Multi-Region Row Level Security in CockroachDB

https://www.cockroachlabs.com/blog/fine-grained-access-control-row-level-security/

50•rusticwizard•7mo ago

Comments

jayzalowitz•7mo ago

well done!

DSingularity•7mo ago

The first example demonstrating row level security contains results from the wrong tenant.

sebmellen•7mo ago

Is that true? I can’t quite follow it on mobile.

rsclarke•7mo ago

Yes, the example shows setting the current tenant id to all ones and then performing a select revealing a tenant id of all twos.

The same result is displayed in another example when correctly using a tenant id of all twos. A mistake perhaps of wrong output with the wording in the article is all.

rusticwizard•7mo ago

Ah nice catch! This is an unfortunate copy paste error on the content on our part and we will fix it first thing tomorrow.

journal•7mo ago

Doesn't same database multi-tenancy defeats the one-tenant one-database advantage of being able to easily disaster recover a single tenant or allow for easily moving a tenant and all their stuff to a dedicated box?

esseph•7mo ago

At a certain scale they'd be sharded and not on a single instance anyway, right?

journal•7mo ago

somewhere only in one place there will be main index with at least references to locations where to find others. at the top somewhere there is always just a flat list. this is a multi-dimensional problem. i really want to know real life scenario someone arguing for or against this. really interested to see what side people pick and where they draw the line of what it means to be multi-tenant. personally, i will never again write multi-tenant code ever again in my life. the implementation i've modeled for myself because i understood that immediate backup and restore is more important than fancy multi-tenancy.

jandrewrogers•7mo ago

Even then, you do want to provide some degree of hardware-adjacent isolation to limit not just the blast radius but also computational cost of some DDL operations in a multi-tenant setup.

For example, you generally only want to have one tenant’s data per storage page. There are many famous ways that interleaving different tenants’ data at a fine-grained level can go very wrong.

bob1029•7mo ago

Aggregating all tenants into the same tables could provide you with much more robust statistics for the query planner to use.

There are also advantages from a cache utilization standpoint if the system is heavily loaded.

jandrewrogers•7mo ago

Having tenants in the same tables is compatible with their data being on separate pages.

bob1029•7mo ago

I am arguing for the I/O benefit of sharing pages between tenants.

I understand there are potential regulatory concerns with this, but I've never seen an audit get even remotely close to this level of detail.

v5v3•7mo ago

Haven't looked at their offering but a lot of cloud managed db's charge per dB rather than a virtual server grouping.

So there will be a cost per dB A cost to backup that dB Etc

And so a lot of companies, particularly startup, will keep one large dB.

sqlitor•7mo ago

What happens if an attacker executes `SET app.current_tenant` a second time on the existing connection (e.g. through SQL injection)?

rusticwizard•7mo ago

If you go the session variable route and are concerned about SQL injection, this paradigm won't likely work for you. However, you can replace the session variable with a role per tenant which avoids the scenario you are describing. The caveat there is that you will now have to manage a role per tenant which can be troublesome if you are trying to pack lots of tenants.

We're planning to introduce an immutable session variable later this year to make the session-based approach more viable. It won't stop someone from tampering with the tenant_id before it's initially set, but it will prevent any changes afterward. Though in practice, most of our customers aren’t too concerned. They have application-layer guardrails in place and are confident that users can’t tamper with session state directly.

But yes, there are trade offs either way.

v5v3•7mo ago

>You Shall Not Pass: Fine Grained Access Control with Row Level Security

When you rug pulled your license, I could not pass.

I'm sure it will be useful to your paying clients, who may be using RLS on their other DBs.

Maple Mono: Smooth your coding flow

Sid Meier's System for Real-Time Music Composition and Synthesis

Show HN: Slop News – HN front page now, but it's all slop

Show HN: Empusa – Visual debugger to catch and resume AI agent retry loops

Show HN: Bitcoin wallet on NXP SE050 secure element, Tor-only open source

White House Explores Opening Antitrust Probe on Homebuilders

Show HN: MindDraft – AI task app with smart actions and auto expense tracking

How do you estimate AI app development costs accurately?

Going Through Snowden Documents, Part 5

Show HN: MCP Server for TradeStation

Canada unveils auto industry plan in latest pivot away from US

The essential Reinhold Niebuhr: selected essays and addresses

Rentahuman.ai Turns Humans into On-Demand Labor for AI Agents

StovexGlobal – Compliance Gaps to Note

Show HN: Afelyon – Turns Jira tickets into production-ready PRs (multi-repo)

Trump says America should move on from Epstein – it may not be that easy

Tiny Clippy – A native Office Assistant built in Rust and egui

LegalArgumentException: From Courtrooms to Clojure – Sen [video]

US moves to deport 5-year-old detained in Minnesota

If you lose your passport in Austria, head for McDonald's Golden Arches

Show HN: Mermaid Formatter – CLI and library to auto-format Mermaid diagrams

RFCs vs. READMEs: The Evolution of Protocols

Kanchipuram Saris and Thinking Machines

Chinese chemical supplier causes global baby formula recall

I've used AI to write 100% of my code for a year as an engineer

Looking for 4 Autistic Co-Founders for AI Startup (Equity-Based)

AI-native capabilities, a new API Catalog, and updated plans and pricing

What changed in tech from 2010 to 2020?

From Human Ergonomics to Agent Ergonomics

Advanced Inertial Reference Sphere