On Tue, Jan 6, 2015 at 2:48 PM, Peter Geoghegan <pg@heroku.com> wrote:
> On Tue, Jan 6, 2015 at 11:25 AM, Stephen Frost <sfrost@snowman.net> wrote:
>> Looks reasonable to me. Amit, does this read better for you? If so, I
>> can handle making the change to the docs.
>
> The docs also prominently say:
>
> "The security-barrier qualifications will always be evaluated prior to
> any user-defined functions or user-provided WHERE clauses, while the
> with-check expression will be evaluated against the rows which are
> going to be added to the table. By adding policies to a table, a user
> can limit the rows which a given user can select, insert, update, or
> delete. This capability is also known as Row Level Security or RLS."
>
> I would prefer it if it was clearer based on the syntax description
> which qual is which. The security barrier qual "expression" should
> have an identifier/name in the syntax description that is more
> suggestive of "security barrier qual", emphasizing its distinctness
> from "check_expression". For example, I think "barrier_expression"
> would be clearer.
I thought my rewrite clarified this distinction pretty well. Maybe
I'm wrong? We're talking about the same paragraph.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company