From: | Thom Brown <thom(at)linux(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, "Brightwell, Adam" <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Yeb Havinga <yeb(dot)havinga(at)portavita(dot)nl> |
Subject: | Re: RLS Design |
Date: | 2014-09-19 16:45:41 |
Message-ID: | CAA-aLv4qUH9bwhwHK93XrYS4YfscYSc6mSMj-WzCYkEsR7-pfA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 19 September 2014 17:32, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> Thom,
>
> Thanks!
>
> * Thom Brown (thom(at)linux(dot)com) wrote:
> > On 14 September 2014 16:38, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > # create policy visible_colours on colours for all to joe using (visible
> =
> > true);
> > CREATE POLICY
> [...]
> > > insert into colours (name, visible) values ('transparent',false);
> > ERROR: new row violates WITH CHECK OPTION for "colours"
> > DETAIL: Failing row contains (7, transparent, f).
> >
> > > select * from pg_policies ;
> > policyname | tablename | roles | cmd | qual |
> with_check
> >
> -----------------+-----------+-------+-----+------------------+------------
> > visible_colours | colours | {joe} | ALL | (visible = true) |
> > (1 row)
> >
> > There was no WITH CHECK OPTION.
>
> As I hope is clear if you look at the documentation- if the WITH CHECK
> clause is omitted, then the USING clause is used for both filtering and
> checking new records, otherwise you'd be able to add records which
> aren't visible to you.
I can see that now, although I do find the error message somewhat
confusing. Firstly, it looks like "OPTION" is part of the parameter name,
which it isn't.
Also, I seem to get an error message with the following:
# create policy nice_colours ON colours for all to joe using (visible =
true) with check (name in ('blue','green','yellow'));
CREATE POLICY
\c - joe
> insert into colours (name, visible) values ('blue',false);
ERROR: function with OID 0 does not exist
And if this did work, but I only violated the USING clause, would this
still say the WITH CHECK clause was the cause?
Thom
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2014-09-19 16:48:58 | Re: RLS Design |
Previous Message | Stephen Frost | 2014-09-19 16:38:39 | Re: RLS Design |