From: | Karl Czajkowski <karlcz(at)isi(dot)edu> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: RLS policy dump/restore failure due to elided type-casts |
Date: | 2016-04-21 01:37:53 |
Message-ID: | 20160421013753.GC7976@moraine.isi.edu |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Apr 20, David G. Johnston modulated:
> The problem here is that:
>
> scalar = ANY (array)
> is different than
> scalar = ANY (subquery)
>
> The normalization in ?ruleutils? is munging things so that a query that
> is written as "scalar = ANY(array) is transformed into one that is
> "scalar = ANY(subquery)"
>
> The extra parentheses and the cast are needed to force a "scalar = ANY
> (array)" where the basic expression looks like "scalar = ANY(subquery)"
>
Aha! Thanks for that. Now I realize there is a much simpler
workaround:
CREATE POLICY delete_stuff ON stuff
FOR DELETE USING ('example attribute value' = ANY ( current_attributes() ));
Somehow I fell into a pattern of writing scalar subqueries and I
forgot to just write the function invocation directly as an
expression! This policy seems to round-trip through pg_dump
successfully. :-)
By the way, we expose our session context parameter as an array result
partly because we have other scenarios where we store row-level
application ACLs in array-typed columns and may want to do
array-to-array intersection tests in a policy expression. It was my
intuition that gin indexing of those array-based ACL columns would
then make these policy expressions pretty fast to evaluate.
Karl
From | Date | Subject | |
---|---|---|---|
Next Message | Karl Czajkowski | 2016-04-21 01:47:36 | Re: RLS policy dump/restore failure due to elided type-casts |
Previous Message | david | 2016-04-21 01:24:03 | Re: How do BEGIN/COMMIT/ABORT operate in a nested SPI query? |