On Tue, Jan 6, 2015 at 12:26 AM, Amit Langote
<Langote_Amit_f8@lab.ntt.co.jp> wrote:
> Following is perhaps a typo:
>
> - qualifications of queries which are run against the table the policy
> is on,
> + qualifications of queries which are run against the table if the
> policy is on,
>
> Attached fixes it if so.
I don't think that's a typo, although it's not particularly
well-worded IMHO. I might rewrite the whole paragraph like this:
A policy limits the ability to SELECT, INSERT, UPDATE, or DELETE rows
in a table to those rows which match the relevant policy expression.
Existing table rows are checked against the expression specified via
USING, while new rows that would be created via INSERT or UPDATE are
checked against the expression specified via WITH CHECK. Generally,
the system will enforce filter conditions imposed using security
policies prior to qualifications that appear in the query itself, in
order to the prevent the inadvertent exposure of the protected data to
user-defined functions which might not be trustworthy. However,
functions and operators marked by the system (or the system
administrator) as LEAKPROOF may be evaluated before policy
expressions, as they are assumed to be trustworthy.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company