On 6 January 2015 at 19:25, Stephen Frost <sfrost@snowman.net> wrote:
> Robert, Amit,
>
> * Robert Haas (robertmhaas@gmail.com) wrote:
>> I don't think that's a typo, although it's not particularly
>> well-worded IMHO. I might rewrite the whole paragraph like this:
>>
>> A policy limits the ability to SELECT, INSERT, UPDATE, or DELETE rows
>> in a table to those rows which match the relevant policy expression.
>> Existing table rows are checked against the expression specified via
>> USING, while new rows that would be created via INSERT or UPDATE are
>> checked against the expression specified via WITH CHECK. Generally,
>> the system will enforce filter conditions imposed using security
>> policies prior to qualifications that appear in the query itself, in
>> order to the prevent the inadvertent exposure of the protected data to
>> user-defined functions which might not be trustworthy. However,
>> functions and operators marked by the system (or the system
>> administrator) as LEAKPROOF may be evaluated before policy
>> expressions, as they are assumed to be trustworthy.
>
> Looks reasonable to me. Amit, does this read better for you? If so, I
> can handle making the change to the docs.
>
I have a wider concern about the wording on this page - both the
rewritten paragraph and elsewhere talk about policies in terms of
limiting access to or filtering out rows.
However, since policy expressions are OR'ed together and there is a
default-deny policy when RLS is enabled, I think it should be talking
about policies in terms of permitting access to tables that have row
security enabled.
Regards,
Dean