Re: [COMMITTERS] pgsql: Row-Level Security Policies (RLS) - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: [COMMITTERS] pgsql: Row-Level Security Policies (RLS)
Date
Msg-id 20150526130800.GA26667@tamriel.snowman.net
Whole thread Raw
In response to Re: [COMMITTERS] pgsql: Row-Level Security Policies (RLS)  (Alvaro Herrera <alvherre@2ndquadrant.com>)
Responses Re: [COMMITTERS] pgsql: Row-Level Security Policies (RLS)  (Alvaro Herrera <alvherre@2ndquadrant.com>)
List pgsql-hackers
Alvaro,

* Alvaro Herrera (alvherre@2ndquadrant.com) wrote:
> What do we need RowSecurityPolicy->policy_id for?  It seems to me that
> it is only used to determine whether the policy is the "default deny"
> one, so that it can later be removed if a hook adds a different one.
> This seems contrived as well as under-documented.  Why isn't a boolean
> flag sufficient?

Thanks for taking a look!

It's also used during relcache updates (see equalPolicy()).  That wasn't
originally the case (I had missed adding the necessary bits to relcache
in the original patch), but I wouldn't want to remove that piece now
and, given that it's there, using InvalidOid to indicate when it's the
default-deny policy (and therefore this is no actual Oid) seems
sensible.
Thanks again!
    Stephen

pgsql-hackers by date:

Previous
From: Andrew Dunstan
Date:
Subject: Re: PostgreSQL 8.3 index page count clarification
Next
From: Tom Lane
Date:
Subject: Re: Order of columns in query is important?!