Re: RLS Design

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Thom Brown <thom(at)linux(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, "Brightwell, Adam" <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Yeb Havinga <yeb(dot)havinga(at)portavita(dot)nl>
Subject: Re: RLS Design
Date: 2014-09-19 16:32:30
Message-ID: 20140919163230.GG16422@tamriel.snowman.net
Lists: pgsql-hackers

Thom,

Thanks!

* Thom Brown (thom(at)linux(dot)com) wrote:
> On 14 September 2014 16:38, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> # create policy visible_colours on colours for all to joe using (visible =
> true);
> CREATE POLICY
[...]
> > insert into colours (name, visible) values ('transparent',false);
> ERROR: new row violates WITH CHECK OPTION for "colours"
> DETAIL: Failing row contains (7, transparent, f).
>
> > select * from pg_policies ;
> policyname | tablename | roles | cmd | qual | with_check
> -----------------+-----------+-------+-----+------------------+------------
> visible_colours | colours | {joe} | ALL | (visible = true) |
> (1 row)
>
> There was no WITH CHECK OPTION.

As I hope is clear if you look at the documentation- if the WITH CHECK
clause is omitted, then the USING clause is used for both filtering and
checking new records, otherwise you'd be able to add records which
aren't visible to you.

Thanks!

Stephen
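
The behaviour described in the reply above, as an added example that is not part of the original message: a policy with only USING also checks new rows, and an explicit WITH CHECK separates the two. It assumes the released PostgreSQL 9.5+ syntax; the table definition, the sample rows and the `WITH CHECK (true)` variant are constructed for illustration.

```sql
-- Constructed schema: the thread shows only the columns (id, name, visible)
-- and the role joe; everything else here is assumed.
CREATE ROLE joe;
CREATE TABLE colours (
    id      serial PRIMARY KEY,
    name    text    NOT NULL,
    visible boolean NOT NULL
);
INSERT INTO colours (name, visible) VALUES ('red', true), ('grey', false);
GRANT SELECT, INSERT, UPDATE, DELETE ON colours TO joe;
GRANT USAGE ON SEQUENCE colours_id_seq TO joe;
ALTER TABLE colours ENABLE ROW LEVEL SECURITY;

-- Case 1: the policy from the thread, with no WITH CHECK clause.
CREATE POLICY visible_colours ON colours
    FOR ALL TO joe
    USING (visible = true);

SET ROLE joe;
-- Filtering: joe sees only rows where visible = true.
SELECT id, name, visible FROM colours;
-- Checking: the USING expression is also applied to new rows, so a row
-- with visible = false is refused even though no WITH CHECK was written.
INSERT INTO colours (name, visible) VALUES ('transparent', false);
-- The same check applies to the new version of an updated row.
UPDATE colours SET visible = false WHERE name = 'red';
RESET ROLE;

-- with_check is empty in the catalog view; the fallback to USING is implicit.
SELECT policyname, roles, cmd, qual, with_check
FROM pg_policies WHERE tablename = 'colours';

-- Case 2: an explicit WITH CHECK decouples what joe may read from what
-- joe may write. WITH CHECK (true) accepts any new row, including rows
-- joe cannot read back afterwards.
DROP POLICY visible_colours ON colours;
CREATE POLICY visible_colours ON colours
    FOR ALL TO joe
    USING (visible = true)
    WITH CHECK (true);

SET ROLE joe;
INSERT INTO colours (name, visible) VALUES ('transparent', false);
-- The inserted row exists but is filtered out of joe's own view.
SELECT count(*) FROM colours WHERE name = 'transparent';
RESET ROLE;
```

When auditing policies through `pg_policies`, an empty `with_check` on an ALL, INSERT or UPDATE policy means the `qual` expression is the write check as well.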
