| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Charles Clavadetscher <clavadetscher(at)swisspug(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: unclear about row-level security USING vs. CHECK |
| Date: | 2015-09-23 16:37:37 |
| Message-ID: | 5602D551.7080005@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 9/23/15 11:05 AM, Stephen Frost wrote:
> That the USING policy is used if WITH CHECK isn't defined? That was
> simply done to make policy management simple as in quite a few cases
> only one policy is needed. If a WITH CHECK was always required then
> you'd be constantly writing:
>
> CREATE POLICY p1 ON t1
> USING (entered_by = current_user)
> WITH CHECK (entered_by = current_user);
>
> With potentially quite lengthy expressions.
That might be reasonable, but the documentation is completely wrong
about that.
That said, why even have USING and CHECK as separate clauses? Can't you
just create different policies if you want them different?
Hypothetical example:
CREATE POLICY p1 ON t1 FOR SELECT CHECK (extract(year from entered_on) =
extract(year from current_timestamp));
CREATE POLICY p2 ON t2 FOR INSERT, UPDATE, DELETE CHECK (entered_by =
current_user);
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2015-09-23 16:43:54 | Re: hot_standby_feedback default and docs |
| Previous Message | Robert Haas | 2015-09-23 16:37:15 | Re: Parallel Seq Scan |