Re: RLS related docs

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Joe Conway <mail(at)joeconway(dot)com>
Cc: Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: RLS related docs
Date: 2016-09-15 18:33:31
Message-ID: CA+Tgmoae_C5=raLhuxEWAzdOdMA7d1k0JXsnyqZ5H2dZu9vTWg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sun, Aug 28, 2016 at 4:23 PM, Joe Conway <mail(at)joeconway(dot)com> wrote:
>>> For COPY, I think perhaps it would be more logical to put the new note
>>> immediately after the third note which describes the privileges
>>> required, since it's kind of related, and then we can talk about the
>>> RLS policies required, e.g.:
>>>
>>> If row-level security is enabled for the table, COPY table TO is
>>> internally converted to COPY (SELECT * FROM table) TO, and the
>>> relevant security policies are applied. Currently, COPY FROM is not
>>> supported for tables with row-level security.
>>
>> This sounds better than what I had, so I will do it that way.
>
> Apologies for the delay, but new patch attached. Assuming no more
> comments, will commit this, backpatched to 9.5, in a day or two.

I don't think this was ever committed, but my comment is that it seems
to be exposing rather more of the implementation than is probably
wise. Can't we say that SELECT policies will apply rather than saying
that it is internally converted to a SELECT?

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tomas Vondra 2016-09-15 18:48:09 Re: Vacuum: allow usage of more than 1GB of work mem
Previous Message Robert Haas 2016-09-15 18:32:32 Re: RLS related docs