| From: | Peter Geoghegan <pg(at)heroku(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Possible typo in create_policy.sgml |
| Date: | 2015-01-06 19:48:41 |
| Message-ID: | CAM3SWZTPn7p9zx8CqCxxr4yXsk1zbwRa+U_M1MGQAVF7AamjCg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jan 6, 2015 at 11:25 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> Looks reasonable to me. Amit, does this read better for you? If so, I
> can handle making the change to the docs.
The docs also prominently say:
"The security-barrier qualifications will always be evaluated prior to
any user-defined functions or user-provided WHERE clauses, while the
with-check expression will be evaluated against the rows which are
going to be added to the table. By adding policies to a table, a user
can limit the rows which a given user can select, insert, update, or
delete. This capability is also known as Row Level Security or RLS."
I would prefer it if it was clearer based on the syntax description
which qual is which. The security barrier qual "expression" should
have an identifier/name in the syntax description that is more
suggestive of "security barrier qual", emphasizing its distinctness
from "check_expression". For example, I think "barrier_expression"
would be clearer.
--
Peter Geoghegan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2015-01-06 20:04:04 | Re: parallel mode and parallel contexts |
| Previous Message | Stefan Kaltenbrunner | 2015-01-06 19:46:19 | Re: Updating copyright notices to 2015 for PGDG |