Re: Possible typo in create_policy.sgml

From: Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Possible typo in create_policy.sgml
Date: 2015-01-09 08:38:05
Message-ID: CAEZATCU7RoGHGc5CXQvJFT8FAQ0kAKez5y_ywm4=9YyqDextHQ@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 8 January 2015 at 18:57, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> What do you think of the attached rewording?
>
> Rewording it this way is a great idea. Hopefully that will help address
> the confusion which we've seen. The only comment I have offhand is:
> should we should add a sentence to this paragraph about the default-deny
> policy?
>

Yes, good idea, although I think perhaps that sentence should be added
to the preceding paragraph, after noting that RLS has to be enabled on
the table for the policies to be applied:

The <command>CREATE POLICY</command> command defines a new policy for a
table. Note that row level security must also be enabled on the table using
<command>ALTER TABLE</command> in order for created policies to be applied.
Once row level security has been enabled, a default-deny policy is
used and no rows
in the table are visible unless permitted by a specific policy.

A policy permits SELECT, INSERT, UPDATE or DELETE commands to access rows
in a table that has row level security enabled. Access to existing table
rows is granted if they match a policy expression specified via USING,
while new rows that would be created via INSERT or UPDATE are checked
against policy expressions specified via WITH CHECK. For policy
expressions specified via USING which grant access to existing rows, the
system will generally test the policy expressions prior to any
qualifications that appear in the query itself, in order to the prevent the
inadvertent exposure of the protected data to user-defined functions which
might not be trustworthy. However, functions and operators marked by the
system (or the system administrator) as LEAKPROOF may be evaluated before
policy expressions, as they are assumed to be trustworthy.

Also, perhaps the "ALTER TABLE" in the first paragraph should be
turned into a link.

Regards,
Dean

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Heikki Linnakangas 2015-01-09 08:48:39 Re: pg_rewind in contrib
Previous Message Abhijit Menon-Sen 2015-01-09 08:32:03 Re: What exactly is our CRC algorithm?