From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Possible typo in create_policy.sgml |
Date: | 2015-01-30 21:11:42 |
Message-ID: | 20150130211142.GP3854@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
* Dean Rasheed (dean(dot)a(dot)rasheed(at)gmail(dot)com) wrote:
> On 30 January 2015 at 03:40, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> >> On Thu, Jan 29, 2015 at 9:04 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> >> > A policy grants the ability to SELECT, INSERT, UPDATE, or DELETE rows
> >> > which match the relevant policy expression. Existing table rows are
> >> > checked against the expression specified via USING, while new rows
> >> > that would be created via INSERT or UPDATE are checked against the
> >> > expression specified via WITH CHECK. When a USING expression returns
> >> > false for a given row, that row is not visible to the user. When a WITH
> >> > CHECK expression returns false for a row which is to be added, an error
> >> > occurs.
> >>
> >> Yeah, that's not bad. I think it's an improvement, in fact.
>
> Yes I like that too. My main concern was that we should be describing
> policies in terms of permitting access to the table, not limiting
> access, because of the default-deny policy, and this new text clears
> that up.
Great, thanks, pushed.
> One additional quibble -- it's misleading to say "expression returns
> false" here (and later in the check_expression parameter description)
> because if the expression returns null, that's also a failure. So it
> ought to be "false or null", but perhaps it could just be described in
> terms of rows matching the expression, with a separate note to say
> that a row only matches a policy expression if that expression returns
> true, not false or null.
Good point, I've made a few minor changes to address that also, please
let me know if you see any issus.
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2015-01-30 21:12:21 | Re: Possible typo in create_policy.sgml |
Previous Message | Andrew Dunstan | 2015-01-30 21:08:03 | Re: Buildfarm broken for 9.3 and up |