Re: Row Level Security UPDATE Confusion

Robert, all,

* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> On Fri, Apr 14, 2017 at 9:16 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > I agreed already up-thread that there's an issue there and will be
> > looking to fix it. That comment was simply replying to Rod's point that
> > the documentation could also be improved.
>
> OK, thanks. The wrap for the next set of minor releases is, according
> to my understanding, scheduled for Monday, so you'd better jump on
> this soon if you're hoping to get a fix out this time around.

I've worked out what's happening here and it's because the ALL policy
has both USING and WITH CHECK that it's not acting the same as the
SELECT policy (which can only have USING). add_with_check_quals() is
what determines if the WITH CHECK policy or the USING policy should be
used (through a bit of a grotty #define, if you ask me..).

I've been considering how best to fix it. The two main options are to
use a different WCOKind and then track that through, which might be nice
as we might be able to provide a more useful error message in that case,
or to just add an additional flag to add_with_check_quals() to say
"always add the USING clause when this flag is true."

Either way, I expect to wrap this up either later tonight or tomorrow.

Thanks!

Stephen