From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Charles Clavadetscher <clavadetscher(at)swisspug(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: unclear about row-level security USING vs. CHECK |
Date: | 2015-09-23 19:22:40 |
Message-ID: | 5602FC00.6060001@gmx.net |
Lists: | pgsql-hackers |

On 9/23/15 2:52 PM, Stephen Frost wrote:
>> That might be reasonable, but the documentation is completely wrong
>> about that.
>
> Really? I feel pretty confident that it's at least mentioned. I
> agree that it should be made more clear.

I quoted the documentation at the beginning of the thread. That's all I
could find about it.

>> That said, why even have USING and CHECK as separate clauses? Can't you
>> just create different policies if you want them different?
>>
>> Hypothetical example:
>>
>> CREATE POLICY p1 ON t1 FOR SELECT CHECK (extract(year from entered_on) =
>> extract(year from current_timestamp));
>> CREATE POLICY p2 ON t2 FOR INSERT, UPDATE, DELETE CHECK (entered_by =
>> current_user);
>
> USING is about visibility of existing records, WITH CHECK is in regards
> to new rows being added to the relation (either through an INSERT or an
> UPDATE).

That makes sense, but then the current behavior that I mentioned at the
beginning of the thread is wrong. If you think these clauses are
clearly separate, then they should be, er, clearly separate.

Maybe the syntax can be tweaked a little, like USING AND CHECK or
whatever. Not that USING and CHECK are terribly intuitive in this
context anyway.
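
The USING / WITH CHECK split discussed in this message, written in PostgreSQL's actual CREATE POLICY syntax as an added example that is not part of the original email. The table layout and the roles alice and bob are constructed; the column names are borrowed from the hypothetical example quoted above, and the script assumes a session that may create roles.

```sql
-- Constructed table; entered_on / entered_by follow the hypothetical example.
CREATE TABLE t1 (
    entered_on timestamptz NOT NULL DEFAULT current_timestamp,
    entered_by name        NOT NULL DEFAULT current_user,
    note       text
);
ALTER TABLE t1 ENABLE ROW LEVEL SECURITY;

CREATE ROLE alice;  -- hypothetical roles, neither owns t1
CREATE ROLE bob;
GRANT SELECT, INSERT, UPDATE, DELETE ON t1 TO alice, bob;

-- SELECT accepts only USING: which existing rows are visible.
CREATE POLICY p_read ON t1 FOR SELECT
    USING (extract(year from entered_on) = extract(year from current_timestamp));

-- INSERT accepts only WITH CHECK: which new rows may be added.
CREATE POLICY p_insert ON t1 FOR INSERT
    WITH CHECK (entered_by = current_user);

-- UPDATE takes both: USING selects the rows that may be targeted,
-- WITH CHECK validates the row as it looks after the change.
-- If WITH CHECK is omitted on an ALL or UPDATE policy, PostgreSQL
-- applies the USING expression to the new row as well.
CREATE POLICY p_update ON t1 FOR UPDATE
    USING (entered_by = current_user)
    WITH CHECK (entered_by = current_user);

-- DELETE accepts only USING: there is no new row to check.
CREATE POLICY p_delete ON t1 FOR DELETE
    USING (entered_by = current_user);

SET ROLE alice;
INSERT INTO t1 (note) VALUES ('first');       -- accepted: entered_by defaults to alice
-- The next two statements are expected to fail with
-- "new row violates row-level security policy" (WITH CHECK rejects the new row):
INSERT INTO t1 (entered_by, note) VALUES ('bob', 'forged');
UPDATE t1 SET entered_by = 'bob';
RESET ROLE;

SET ROLE bob;
SELECT count(*) FROM t1;          -- 1: p_read shows this year's rows to everyone
UPDATE t1 SET note = 'changed';   -- UPDATE 0: USING hides alice's row, no error raised
DELETE FROM t1;                   -- DELETE 0: same filtering through p_delete
RESET ROLE;
```

A USING failure silently removes rows from the statement's scope, while a WITH CHECK failure raises an error, so the two clauses also differ in how a violation shows up in application logs.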