Re: Docs and tests for RLS policies applied by command type
jian he <jian.universality@gmail.com>
From: jian he <jian.universality@gmail.com>
To: Dean Rasheed <dean.a.rasheed@gmail.com>
Cc: Viktor Holmberg <v@viktorh.net>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-11-06T02:45:58Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
doc: Improve description of RLS policies applied by command type.
- 7aa83ea57845 14.21 landed
- c663152adcec 15.16 landed
- 8d43607cd422 16.12 landed
- d60dabfe2507 17.8 landed
- 749f4ce4d984 18.2 landed
- 7dc4fa91413d 19 (unreleased) landed
-
Add new RLS tests to test policies applied by command type.
- 2e84248d6497 19 (unreleased) landed
On Mon, Nov 3, 2025 at 7:22 PM Dean Rasheed <dean.a.rasheed@gmail.com> wrote: > > Yeah, reading through the text on that page in more detail, there are > a number of other omissions, or places that aren't quite fully > correct, so I've gone through those and attempted to improve things. > > Also, I think it would be better if the table made the distinction > between policy checks that just filter out rows, without throwing an > error, and checks that do cause an error to be thrown. > > v4 attached. > some of the <literal> can be replaced by <command>, for example: + A <literal>MERGE</literal> command requires <literal>SELECT</literal> + permissions on both the source and target relations, and so each currently the visual appearance is the same, I guess it's not a big deal. (Table 300. Policies Applied by Command Type) is way more intuitive. overall looks good to me.