| From: | Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Possible typo in create_policy.sgml |
| Date: | 2015-01-07 01:09:20 |
| Message-ID: | 54AC8740.2020403@lab.ntt.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 07-01-2015 AM 04:25, Stephen Frost wrote:
> Robert, Amit,
>
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> I don't think that's a typo, although it's not particularly
>> well-worded IMHO. I might rewrite the whole paragraph like this:
>>
>> A policy limits the ability to SELECT, INSERT, UPDATE, or DELETE rows
>> in a table to those rows which match the relevant policy expression.
>> Existing table rows are checked against the expression specified via
>> USING, while new rows that would be created via INSERT or UPDATE are
>> checked against the expression specified via WITH CHECK. Generally,
>> the system will enforce filter conditions imposed using security
>> policies prior to qualifications that appear in the query itself, in
>> order to the prevent the inadvertent exposure of the protected data to
>> user-defined functions which might not be trustworthy. However,
>> functions and operators marked by the system (or the system
>> administrator) as LEAKPROOF may be evaluated before policy
>> expressions, as they are assumed to be trustworthy.
>
> Looks reasonable to me. Amit, does this read better for you? If so, I
> can handle making the change to the docs.
>
Yes, it looks reasonable to me to.
Thanks,
Amit
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2015-01-07 01:17:02 | Re: Turning recovery.conf into GUCs |
| Previous Message | Andres Freund | 2015-01-07 01:08:56 | Re: Turning recovery.conf into GUCs |