Re: Add support for restrictive RLS policies
Jeevan Chalke <jeevan.chalke@enterprisedb.com>
From: Jeevan Chalke <jeevan.chalke@enterprisedb.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Alvaro Herrera <alvherre@2ndquadrant.com>,
Robert Haas <robertmhaas@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, Thom Brown <thom@linux.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2016-09-29T10:18:09Z
Lists: pgsql-hackers
Hi Stephen,
> 4. It will be good if we have an example for this in section
> > "5.7. Row Security Policies"
>
> I haven't added one yet, but will plan to do so.
>
> I think you are going to add this in this patch itself, right?
I have reviewed your latest patch and it fixes almost all my review
comments.
Also I am agree with your responses for couple of comments like response on
ALTER POLICY and tab completion. No issues with that.
However in documentation, PERMISSIVE and RESTRICTIVE are actually literals
and not parameters as such. Also can we combine these two options into one
like below (similar to how we document CASCADE and RESTRICT for DROP
POLICY):
<varlistentry>
<term><literal>PERMISSIVE</literal></term>
<term><literal>RESTRICTIVE</literal></term>
<listitem>
<para>
... explain PERMISSIVE ...
</para>
<para>
... explain RESTRICTIVE ...
</para>
</listitem>
</varlistentry>
Apart from this changes look excellent to me.
Thanks
--
Jeevan B Chalke
Principal Software Engineer, Product Development
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Commits
-
Add support for restrictive RLS policies
- 093129c9d9fc 10.0 landed
-
Include <sys/select.h> where needed
- 51c3e9fade76 10.0 cited
-
Apply table and domain CHECK constraints in name order.
- e5f455f59fed 9.5.0 cited