Re: Add support for restrictive RLS policies

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Add support for restrictive RLS policies
Date: 2016-09-01 09:02:55
Message-ID: CA+TgmoZzHqZEVsPQUCH0JY+9MSBdAmLnSNsmdzwKSPfSLWG5Bg@mail.gmail.com
Lists: pgsql-hackers

On Thu, Sep 1, 2016 at 12:04 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> As outlined in the commit message, this adds support for restrictive RLS
> policies. We've had this in the backend since 9.5, but they were only
> available via hooks and therefore extensions. This adds support for
> them to be configured through regular DDL commands. These policies are
> essentially "AND"d instead of "OR"d.
>
> Includes updates to the catalog, grammar, psql, pg_dump, and regression
> tests. Documentation will be added soon, but until then, would be great
> to get feedback on the grammar, catalog and code changes.

I don't like CREATE RESTRICT POLICY much. It's not very good grammar,
for one thing. I think putting the word RESTRICT, or maybe AS
RESTRICT, somewhere later in the command would be better.

I also think that it is very strange to have the grammar keyword be
"restrict" but the internal flag be called "permissive". It would be
better to have the sense of those flags match.

(This is not intended as a full review, just a quick comment.)

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
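
The "AND"d versus "OR"d combination discussed in this message, as an added example that is not part of the original e-mail or the patch. It uses the AS RESTRICTIVE form that PostgreSQL 10 and later accept, not the CREATE RESTRICT POLICY grammar proposed in the thread; the table, roles, policy names and rows are constructed for illustration.

```sql
-- Constructed schema and data (hypothetical names throughout).
CREATE ROLE alice;
CREATE TABLE accounts (
    id     int PRIMARY KEY,
    owner  text NOT NULL,
    dept   text NOT NULL,
    frozen boolean NOT NULL DEFAULT false
);
INSERT INTO accounts VALUES
    (1, 'alice', 'eng',   false),  -- passes own_rows
    (2, 'bob',   'sales', false),  -- passes dept_rows
    (3, 'alice', 'eng',   true),   -- passes own_rows, fails not_frozen
    (4, 'bob',   'eng',   false);  -- passes no permissive policy

GRANT SELECT ON accounts TO alice;
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;

-- Permissive policies (the default kind) are OR'd together:
-- a row qualifies if at least one of them passes.
CREATE POLICY own_rows  ON accounts FOR SELECT
    USING (owner = current_user);
CREATE POLICY dept_rows ON accounts FOR SELECT
    USING (dept = 'sales');

-- Restrictive policies are AND'd with that result:
-- every one of them must also pass.
CREATE POLICY not_frozen ON accounts AS RESTRICTIVE FOR SELECT
    USING (NOT frozen);

-- Effective filter for alice:
--   (owner = current_user OR dept = 'sales') AND NOT frozen
SET ROLE alice;
SELECT id FROM accounts ORDER BY id;   -- rows 1 and 2
RESET ROLE;

-- Caveat: restrictive policies only narrow access, they never grant it.
-- With both permissive policies dropped, alice sees no rows at all,
-- even though rows 1, 2 and 4 satisfy not_frozen.
DROP POLICY own_rows  ON accounts;
DROP POLICY dept_rows ON accounts;
SET ROLE alice;
SELECT id FROM accounts ORDER BY id;   -- zero rows
RESET ROLE;
```

Run it as the table owner or a superuser in a scratch database; the owner bypasses row security unless FORCE ROW LEVEL SECURITY is set, which is why the checks switch to alice.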
