From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Possible typo in create_policy.sgml |
Date: | 2015-01-06 19:25:29 |
Message-ID: | 20150106192529.GW3062@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Robert, Amit,
* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> I don't think that's a typo, although it's not particularly
> well-worded IMHO. I might rewrite the whole paragraph like this:
>
> A policy limits the ability to SELECT, INSERT, UPDATE, or DELETE rows
> in a table to those rows which match the relevant policy expression.
> Existing table rows are checked against the expression specified via
> USING, while new rows that would be created via INSERT or UPDATE are
> checked against the expression specified via WITH CHECK. Generally,
> the system will enforce filter conditions imposed using security
> policies prior to qualifications that appear in the query itself, in
> order to the prevent the inadvertent exposure of the protected data to
> user-defined functions which might not be trustworthy. However,
> functions and operators marked by the system (or the system
> administrator) as LEAKPROOF may be evaluated before policy
> expressions, as they are assumed to be trustworthy.
Looks reasonable to me. Amit, does this read better for you? If so, I
can handle making the change to the docs.
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Geoghegan | 2015-01-06 19:34:54 | Re: INSERT ... ON CONFLICT UPDATE and RLS |
Previous Message | Petr Jelinek | 2015-01-06 19:24:41 | XLOG_PARAMETER_CHANGE handling of wal_log_hints |