On Mon, 2023-11-13 at 12:57 -0500, Robert Haas wrote:
> On Fri, Nov 10, 2023 at 7:43 AM Laurenz Albe <laurenz.albe@cybertec.at> wrote:
> > So, from my perspective, we should never have let FOR SELECT policies
> > mess with an UPDATE. But I am too late for that; such a change would
> > be way too invasive now. So I'd like to introduce a "back door" by
> > creating a FOR SELECT policy with WITH CHECK (TRUE).
>
> In principle I see no problem with some kind of back door here, but
> that seems like it might not be the right way to do it. I don't think
> we want constant true to behave arbitrarily differently than any other
> expression. Maybe that's not what you had in mind and I'm just not
> seeing the full picture, though.
I experimented some more, and I think I see my mistake now.
Currently, the USING clause of FOR SELECT/ALL/UPDATE policies is
an *additional* restriction to the WITH CHECK clause.
So my suggestion of using the WITH CHECK clause *instead of*
the USING clause in FOR SELECT policies would be unprincipled.
Sorry for the noise.
Yours,
Laurenz Albe
