From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Peter Geoghegan <pg(at)heroku(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Possible typo in create_policy.sgml |
Date: | 2015-01-06 21:03:08 |
Message-ID: | CA+TgmobYkhDiJgbH4jM9knHmNS4v1Vd3KkrNFTiR3-9-BVpNUg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Jan 6, 2015 at 2:48 PM, Peter Geoghegan <pg(at)heroku(dot)com> wrote:
> On Tue, Jan 6, 2015 at 11:25 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> Looks reasonable to me. Amit, does this read better for you? If so, I
>> can handle making the change to the docs.
>
> The docs also prominently say:
>
> "The security-barrier qualifications will always be evaluated prior to
> any user-defined functions or user-provided WHERE clauses, while the
> with-check expression will be evaluated against the rows which are
> going to be added to the table. By adding policies to a table, a user
> can limit the rows which a given user can select, insert, update, or
> delete. This capability is also known as Row Level Security or RLS."
>
> I would prefer it if it was clearer based on the syntax description
> which qual is which. The security barrier qual "expression" should
> have an identifier/name in the syntax description that is more
> suggestive of "security barrier qual", emphasizing its distinctness
> from "check_expression". For example, I think "barrier_expression"
> would be clearer.
I thought my rewrite clarified this distinction pretty well. Maybe
I'm wrong? We're talking about the same paragraph.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Geoghegan | 2015-01-06 21:07:30 | Re: Possible typo in create_policy.sgml |
Previous Message | Robert Haas | 2015-01-06 21:01:51 | Re: parallel mode and parallel contexts |