| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Thom Brown <thom(at)linux(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Add support for restrictive RLS policies |
| Date: | 2016-09-08 19:21:57 |
| Message-ID: | 20160908192157.GA53172@alvherre.pgsql |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost wrote:
> Greetings!
>
> * Stephen Frost (sfrost(at)snowman(dot)net) wrote:
> > Based on Robert's suggestion and using Thom's verbiage, I've tested this
> > out:
> >
> > CREATE POLICY pol ON tab AS [PERMISSIVE|RESTRICTIVE] ...
Can't you keep those words as Sconst or something (DefElems?) until the
execution phase, so that they don't need to be keywords at all? I'm
fairly sure we do that kind of thing elsewhere. Besides, that let you
throw errors such as "keyword 'foobarive' not recognized" instead of a
generic "syntax error" if the user enters a bogus permissivity (?)
keyword.
Is the permissive/restrictive dichotomy enough to support all
interesting use cases? What I think is the equivalent concept in PAM
uses required/requisite/sufficient/optional as possibilities, which
allows for finer grained control. Even there that's just the historical
interface, and the replacement syntax has more gadgets.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Claudio Freire | 2016-09-08 19:29:45 | Re: Is tuplesort_heap_siftup() a misnomer? |
| Previous Message | Peter Geoghegan | 2016-09-08 19:20:14 | Re: Is tuplesort_heap_siftup() a misnomer? |