Re: RLS Design

All,

* Brightwell, Adam (adam(dot)brightwell(at)crunchydatasolutions(dot)com) wrote:
> Attached is a updated patch taking into account the recommendations
> provided.

Alright, attached is a patch which I've been over in a great deal more
detail, as we seem to have moved beyond grammar and simple
functionality. It's been much reworked and improved (particularly in
rewrite/rowsecurity.c, but also commands/policy.c). Other
improvements of note (not including the improvements made and
mentioned by Adam previously):

Lots of additional comments around what's happening
Improved SGML documentation
Better \d and \dp support
Explicit function for check row-security requirements
Correct handling for views run under policies
Simplified changes to copy.c
Use normal DROP and RENAME processes (eg: DropStmt and friends)
Default-deny policy implementation, and regression tests
Handle sub-queries in WITH CHECK
Avoid duplicate policy application
Corrected plancache invalidation
Improved and additional regression tests
tab completion

This addresses all of the comments brought up previously, as far as
I'm aware, along with quite a few other issues which I found while
doing my review and rework.

As always- testing, reviews, comments are welcome. We've done a fair
bit of testing internally, but it's great to see how others are
imaginging and trying to use new capabilities like these- especially
if they run into any problems! :)

This took quite a bit longer than I had expected, but I think the
rework, review and additional testing was well worth it.

I'm planning to break from this for a few days and resume helping with
the commitfest more-or-less full-time until I have to head out for
PostgresOpen.

Thanks!

Stephen