Re: Docs and tests for RLS policies applied by command type

jian he <jian.universality@gmail.com>

From: jian he <jian.universality@gmail.com>
To: Dean Rasheed <dean.a.rasheed@gmail.com>
Cc: Viktor Holmberg <v@viktorh.net>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-11-06T02:45:58Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. doc: Improve description of RLS policies applied by command type.

  2. Add new RLS tests to test policies applied by command type.

On Mon, Nov 3, 2025 at 7:22 PM Dean Rasheed <dean.a.rasheed@gmail.com> wrote:
>
> Yeah, reading through the text on that page in more detail, there are
> a number of other omissions, or places that aren't quite fully
> correct, so I've gone through those and attempted to improve things.
>
> Also, I think it would be better if the table made the distinction
> between policy checks that just filter out rows, without throwing an
> error, and checks that do cause an error to be thrown.
>
> v4 attached.
>

some of the <literal> can be replaced by <command>, for example:
+         A <literal>MERGE</literal> command requires <literal>SELECT</literal>
+         permissions on both the source and target relations, and so each

currently the visual appearance is the same, I guess it's not a big deal.

(Table 300. Policies Applied by Command Type) is way more intuitive.

overall looks good to me.