Postgres Pro
Downloads
Home   >   mailing lists

Re: unclear about row-level security USING vs. CHECK - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: unclear about row-level security USING vs. CHECK
Date
Msg-id 20150923152401.GV3685@tamriel.snowman.net
Whole thread Raw
In response to Re: unclear about row-level security USING vs. CHECK  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: unclear about row-level security USING vs. CHECK  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
Tree view 
* Robert Haas (robertmhaas@gmail.com) wrote:
> On Wed, Sep 23, 2015 at 11:05 AM, Stephen Frost <sfrost@snowman.net> wrote:
> >> Gosh, I think it would have been better to have a cleaner separation
> >> of USING and WITH CHECK.  That sounds far too unnecessarily magical.
> >
> > That the USING policy is used if WITH CHECK isn't defined?  That was
> > simply done to make policy management simple as in quite a few cases
> > only one policy is needed.  If a WITH CHECK was always required then
> > you'd be constantly writing:
> >
> > CREATE POLICY p1 ON t1
> > USING (entered_by = current_user)
> > WITH CHECK (entered_by = current_user);
> >
> > With potentially quite lengthy expressions.
> >
> > I'm not against changing that if people feel strongly about it, but I
> > certainly find it extremely handy.
> >
> > If that wasn't what you were referring to then please clarify as I
> > didn't follow.
>
> No, that's what I was talking about.  Maybe it is the most useful
> behavior, but it seems to have surprised Peter, and it surprised me,
> too.

I'm working on a documentation patch with Adam to improve the docs
around this (and other parts as well).  I agree it doesn't come off as
naturally intuitive to everyone (it did to me, but I'm clearly biased
as, I think anyway, it was my idea) and so I'm not sure that's enough.

Is there strong feeling that USING and WITH CHECK should both always be
required when specifying ALL and UPDATE policies?  It's not a difficult
change to make if people want it.

I will mention that on another thread there was discussion about having
WITH CHECK for all policy types as a way to let users control if an
error should be thrown rather than skipping over a row due to lack of
visibility.  In all cases, USING controls visibility and WITH CHECK will
throw an error on a violation and that would remain the case with this
approach.  Now that I think about it, it might be a bit cleaner if
USING and WITH CHECK are always kept independent for that case, but I'm
not sure it's really all that much of a difference.  The USING will
always be applied first and then the WITH CHECK applied to any rows
which remain, which comes across, to me at least (which isn't fair, of
course, but it's what I can comment on) as quite clear to understand.

Thanks!

Stephen

pgsql-hackers by date:

Previous
From: Alvaro Herrera
Date:
Subject: Re: [PATCH] Refactoring of LWLock tranches
Next
From: Robert Haas
Date:
Subject: Re: [PATCH] Refactoring of LWLock tranches