Re: unclear about row-level security USING vs. CHECK

From: Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>
To: Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Charles Clavadetscher <clavadetscher(at)swisspug(dot)org>
Subject: Re: unclear about row-level security USING vs. CHECK
Date: 2015-09-29 15:20:26
Message-ID: CAKRt6CR2MLx4fYMLnMPT_P4y3bA+j9QDX976GpUqa5O4r89rtw@mail.gmail.com
Lists: pgsql-hackers

> My vote would be to keep it as-is.

Same for me.

> It feels perfectly natural to me. USING clauses add to the query's
> WHERE clause controlling which existing rows you can SELECT, UPDATE or
> DELETE. WITH CHECK clauses control what new data you can add via
> INSERT or UPDATE. UPDATE allows both, but most of the time I expect
> you'll want them to be the same.

I agree. In the current use cases I have been experimenting with,
this approach has made the most sense.

> So having the WITH CHECK clause default to being the same as the USING
> clause for UPDATE matches what I expect to be the most common usage.

I agree.

> Users granted permission to update a subset of the table's rows
> probably don't want to give those rows away. More advanced use-cases
> are still supported, but the simplest/most common case is the default,
> which means that you don't have to supply the same expression twice.

Yes, I agree. IMO, having to supply the same expression twice just
seems cumbersome and unnecessary. While I'd certainly agree that
documentation could always be improved, I have found the current
behavior to be fairly intuitive and easily understood by most (if not
all) DBAs I have spoken with about it.

-Adam

--
Adam Brightwell - adam(dot)brightwell(at)crunchydatasolutions(dot)com
Database Engineer - www.crunchydatasolutions.com
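
The default discussed in the quoted text, as an added example that is not part of the original message: an UPDATE policy written with only a USING clause applies the same expression as WITH CHECK, so a user cannot give a row away. The table `accounts`, the roles `alice` and `bob`, and the policy names are constructed for illustration; the script assumes PostgreSQL 9.5 or later and a superuser session.

```sql
-- Constructed schema, roles and data (assumptions, not from the thread).
CREATE ROLE alice;
CREATE ROLE bob;

CREATE TABLE accounts (
    id      integer PRIMARY KEY,
    owner   text    NOT NULL,
    balance numeric NOT NULL
);
INSERT INTO accounts VALUES (1, 'alice', 100), (2, 'bob', 50);

GRANT SELECT, UPDATE ON accounts TO alice, bob;
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;

-- Everyone may read every row, so only the UPDATE policy is under test.
CREATE POLICY read_all ON accounts FOR SELECT USING (true);

-- Simple case: USING only. For UPDATE, WITH CHECK defaults to the
-- USING expression, so it does not have to be written twice.
CREATE POLICY update_own ON accounts FOR UPDATE
    USING (owner = current_user);

SET ROLE alice;
-- Existing row passes USING and the new row still satisfies the
-- defaulted WITH CHECK: allowed.
UPDATE accounts SET balance = 90 WHERE id = 1;
-- Bob's row is filtered out by USING, so there is nothing to update.
UPDATE accounts SET balance = 0 WHERE id = 2;
-- Existing row passes USING, but the new row (owner = 'bob') fails the
-- defaulted WITH CHECK: rejected as a row-level security violation.
UPDATE accounts SET owner = 'bob' WHERE id = 1;
RESET ROLE;

-- Advanced case: an explicit WITH CHECK that differs from USING.
-- Alice may still only touch her own rows, but may hand them to bob.
DROP POLICY update_own ON accounts;
CREATE POLICY update_own ON accounts FOR UPDATE
    USING (owner = current_user)
    WITH CHECK (owner IN ('alice', 'bob'));

SET ROLE alice;
-- Now allowed; afterwards USING no longer matches, so alice cannot
-- update row 1 again.
UPDATE accounts SET owner = 'bob' WHERE id = 1;
RESET ROLE;
```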
