Re: RLS Design

On Wed, Jul 16, 2014 at 10:04 PM, Brightwell, Adam
<adam(dot)brightwell(at)crunchydatasolutions(dot)com> wrote:

> Yes, I just tested it and the following would work from a grammar
> perspective:
>
> ALTER TABLE <table_name> POLICY ADD <policy_name> (policy_quals)
> ALTER TABLE <table_name> POLICY DROP <policy_name>
>
> Though, it would obviously require the addition of POLICY to the list of
> unreserved keywords. I don't suspect that would be a concern, as it is not
> "reserved", but thought I would point it out just in case.
>
> Another thought I had was, would we also want the following, so that
> policies could be modified?
>
> ALTER TABLE <table_name> POLICY ALTER <policy_name> (policy_quals)

I think we do want a way to modify policies. However, we tend to
avoid syntax that involves unnatural word order, as this certainly
does. Maybe it's better to follow the example of CREATE RULE and
CREATE TRIGGER and do something this instead:

CREATE POLICY policy_name ON table_name USING quals;
ALTER POLICY policy_name ON table_name USING quals;
DROP POLICY policy_name ON table_name;

The advantage of this is that you can regard "policy_name ON
table_name" as the identifier for the policy throughout the system.
You need some kind of identifier of that sort anyway to support
COMMENT ON, SECURITY LABEL, and ALTER EXTENSION ADD/DROP for policies.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company