Re: Possible typo in create_policy.sgml

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>
Cc: Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Possible typo in create_policy.sgml
Date: 2015-01-06 17:29:36
Message-ID: CA+TgmoaMBwJ5k6o7Wb+o6T+OWnQn0htSW7EBzuQjZ9qpvssvjg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Jan 6, 2015 at 12:26 AM, Amit Langote
<Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp> wrote:
> Following is perhaps a typo:
>
> - qualifications of queries which are run against the table the policy
> is on,
> + qualifications of queries which are run against the table if the
> policy is on,
>
> Attached fixes it if so.

I don't think that's a typo, although it's not particularly
well-worded IMHO. I might rewrite the whole paragraph like this:

A policy limits the ability to SELECT, INSERT, UPDATE, or DELETE rows
in a table to those rows which match the relevant policy expression.
Existing table rows are checked against the expression specified via
USING, while new rows that would be created via INSERT or UPDATE are
checked against the expression specified via WITH CHECK. Generally,
the system will enforce filter conditions imposed using security
policies prior to qualifications that appear in the query itself, in
order to the prevent the inadvertent exposure of the protected data to
user-defined functions which might not be trustworthy. However,
functions and operators marked by the system (or the system
administrator) as LEAKPROOF may be evaluated before policy
expressions, as they are assumed to be trustworthy.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2015-01-06 17:39:12 Re: INSERT ... ON CONFLICT UPDATE and RLS
Previous Message Robert Haas 2015-01-06 16:33:22 Re: parallel mode and parallel contexts