Rod,
* Rod Taylor (rod.taylor@gmail.com) wrote:
> Then there is a bug in the simpler statement which happily lets you give
> away records.
>
> CREATE POLICY simple_all ON t TO simple USING (value > 0) WITH CHECK (true);
>
> SET session authorization simple;
> SELECT * FROM t;
> UPDATE t SET value = value * -1 WHERE value = 1;
> -- No error and value is -1 at the end.
Hm, that does seem like it's not matching up with the intent, likely
because it's an 'ALL' policy instead of individual policies.
Out of curiosity, is there a particular use-case here that you're
working towards, or just testing it out to see how it works?
Thanks!
Stephen