From: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
---|---|
To: | Joe Conway <mail(at)joeconway(dot)com> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: RLS related docs |
Date: | 2016-05-26 07:26:41 |
Message-ID: | CAEZATCXGzy3P992CHtzf8Nh4_StTqGUzrVAsRzOjW=K6qrMSPg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 25 May 2016 at 02:04, Joe Conway <mail(at)joeconway(dot)com> wrote:
> Please see attached two proposed patches for the docs related to RLS:
>
> 1) Correction to pg_restore
> 2) Additional mentions that "COPY FROM" does not allow RLS to be enabled
>
> Comments?
>
The pg_restore change looks good -- that was clearly wrong.
Also, +1 for the new note in pg_dump.
For COPY, I think perhaps it would be more logical to put the new note
immediately after the third note which describes the privileges
required, since it's kind of related, and then we can talk about the
RLS policies required, e.g.:
If row-level security is enabled for the table, COPY table TO is
internally converted to COPY (SELECT * FROM table) TO, and the
relevant security policies are applied. Currently, COPY FROM is not
supported for tables with row-level security.
> Related question: I believe
>
> COPY tbl TO ...
>
> is internally converted to
>
> COPY (select * FROM tbl) TO ...
>
> when RLS is involved. Do we want to document that?
>
I think so, yes, because that makes it clearer what policies will be applied.
Regards,
Dean
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2016-05-26 09:12:06 | Re: pg_dump -j against standbys |
Previous Message | Etsuro Fujita | 2016-05-26 07:18:15 | Re: Optimization for updating foreign tables in Postgres FDW |