| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Charles Clavadetscher <clavadetscher(at)swisspug(dot)org>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: unclear about row-level security USING vs. CHECK |
| Date: | 2015-09-23 15:11:07 |
| Message-ID: | CA+Tgmoa24sXtMH1b8LOUCZG8DLf1YcjEQbWJuaJCYLWScQrnow@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Sep 23, 2015 at 11:05 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> Gosh, I think it would have been better to have a cleaner separation
>> of USING and WITH CHECK. That sounds far too unnecessarily magical.
>
> That the USING policy is used if WITH CHECK isn't defined? That was
> simply done to make policy management simple as in quite a few cases
> only one policy is needed. If a WITH CHECK was always required then
> you'd be constantly writing:
>
> CREATE POLICY p1 ON t1
> USING (entered_by = current_user)
> WITH CHECK (entered_by = current_user);
>
> With potentially quite lengthy expressions.
>
> I'm not against changing that if people feel strongly about it, but I
> certainly find it extremely handy.
>
> If that wasn't what you were referring to then please clarify as I
> didn't follow.
No, that's what I was talking about. Maybe it is the most useful
behavior, but it seems to have surprised Peter, and it surprised me,
too.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2015-09-23 15:22:55 | Re: [PATCH] Refactoring of LWLock tranches |
| Previous Message | Stephen Frost | 2015-09-23 15:05:50 | Re: unclear about row-level security USING vs. CHECK |