> On Oct 28, 2025, at 10:01, jian he <jian.universality@gmail.com> wrote:
>
> hi.
>
> The attached patch did what the $subject says.
> demo:
>
> begin;
> create role alice login;
> grant all on schema public to alice;
> drop table if exists tts;
> create table tts(a int);
> grant insert on tts to alice;
> ALTER TABLE tts ENABLE ROW LEVEL SECURITY;
> CREATE POLICY p1 ON tts FOR ALL USING (a = 1 or a = 2 or a = 3);
> commit;
>
> SET ROLE alice;
> insert into tts values (4); --error
>
> old ERROR message:
> ERROR: new row violates row-level security policy for table "tts"
>
> new ERROR message:
> ERROR: new row violates row-level security policy "p1" for table "tts"
>
> There are fewer than 10 lines of C code changes, but turns out that in the
> regression tests, there are many cases where only one permissive policy exists
> for INSERT or UPDATE.
> So the patch is not smaller.
> <v1-0001-minor-RLS-violation-error-report-enhance.patch>
I agree printing policy name to the log helps. I tried to “make" and “make check”, all passed.
A tiny comment wrt the code comment:
```
* since if the check fails it means that no policy granted permission
* to perform the update, rather than any particular policy being
* violated.
+ * However, if there is only a single permissive policy clause, we can
+ * include that specific policy name in error reports when the policy is
+ * violated.
```
* “However …” doesn’t have to go to a new line. But if you really want that, an empty comment line should be added
above“However …”. See the comment of “if” that is right above this piece of code.
* “include that specific policy name” => “include that specific policy’s name”.
Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/
