From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [COMMITTERS] pgsql: Row-Level Security Policies (RLS) |
Date: | 2015-05-27 01:42:06 |
Message-ID: | 20150527014206.GF26667@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers pgsql-hackers |
Alvaro,
* Alvaro Herrera (alvherre(at)2ndquadrant(dot)com) wrote:
> Stephen Frost wrote:
> > * Alvaro Herrera (alvherre(at)2ndquadrant(dot)com) wrote:
> > > What do we need RowSecurityPolicy->policy_id for? It seems to me that
> > > it is only used to determine whether the policy is the "default deny"
> > > one, so that it can later be removed if a hook adds a different one.
> > > This seems contrived as well as under-documented. Why isn't a boolean
> > > flag sufficient?
> >
> > Thanks for taking a look!
> >
> > It's also used during relcache updates (see equalPolicy()).
>
> Hmm, but the policy name is unique also, right? So the policy_id check
> is redundant ...
I don't disagree with that, but surely checking if it's the same OID and
exiting immediately is going to be faster than comparing the policy
names.
Now, looking at the code, I'm actually failing to see a case where we
use the RowSecurityPolicy->policy_name.. Perhaps *that's* what we
should be looking to remove?
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2015-05-27 01:45:36 | Re: [COMMITTERS] pgsql: Add pg_audit, an auditing extension |
Previous Message | Peter Eisentraut | 2015-05-27 00:46:34 | Re: pgsql: Add all structured objects passed to pushJsonbValue piecewise. |
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2015-05-27 01:45:36 | Re: [COMMITTERS] pgsql: Add pg_audit, an auditing extension |
Previous Message | Abhijit Menon-Sen | 2015-05-27 01:37:45 | Re: fsync-pgdata-on-recovery tries to write to more files than previously |