| From: | Andres Freund <andres(at)2ndquadrant(dot)com> |
|---|---|
| To: | Craig Ringer <craig(at)2ndquadrant(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: CREATE POLICY and RETURNING |
| Date: | 2014-10-17 12:34:40 |
| Message-ID: | 20141017123440.GB2075@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2014-10-17 14:57:03 +0800, Craig Ringer wrote:
> On 10/17/2014 02:49 AM, Robert Haas wrote:
> > I think you could probably make the DELETE policy control what can get
> > deleted, but then have the SELECT policy further filter what gets
> > returned.
>
> That seems like the worst of both worlds to me.
>
> Suddenly DELETE ... RETURNING might delete more rows than it reports a
> resultset for. As well as being potentially dangerous for people using
> it in wCTEs, etc, to me that's the most astonishing possible outcome of all.
>
> I'd be much happier with even:
>
> ERROR: RETURNING not permitted with SELECT row-security policy
FWIW, that doesn't sound acceptable to me.
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dag-Erling Smørgrav | 2014-10-17 12:36:08 | Re: [PATCH] add ssl_protocols configuration option |
| Previous Message | CK Tan | 2014-10-17 12:32:13 | Vitesse DB call for testing |