* Peter Geoghegan (pg@heroku.com) wrote:
> I also don't see this behavior documented (this is from process_policies()):
>
> /*
> * If we end up with only USING quals, then use those as
> * WITH CHECK quals also.
> */
> if (with_check_quals == NIL)
> with_check_quals = copyObject(quals);
>
> Now, I do see a reference to it under "Per-Command policies - ALL". It says:
>
> "If an INSERT or UPDATE command attempts to add rows to the table
> which do not pass the ALL WITH CHECK (or USING, if no WITH CHECK
> expression is defined) expression, the command will error."
>
> But is that really the right place for it? Does it not equally well
> apply to FOR UPDATE policies, that can on their own have both barriers
> quals and WITH CHECK options? Basically, that seems to me like a
> *generic* property of policies (it's a generic thing that the WITH
> CHECK options/expressions "shadow" the USING security barrier quals as
> check options), and so should be documented as such.
Ah, yes, good point, I can add more documentation around that.
Thanks!
Stephen