On 10/17/2014 02:49 AM, Robert Haas wrote: > I think you could probably make the DELETE policy control what can get > deleted, but then have the SELECT policy further filter what gets > returned.
That seems like the worst of both worlds to me.
Suddenly DELETE ... RETURNING might delete more rows than it reports a resultset for. As well as being potentially dangerous for people using it in wCTEs, etc, to me that's the most astonishing possible outcome of all.
I'd be much happier with even:
ERROR: RETURNING not permitted with SELECT row-security policy
than this.
+1
This suggestion is most in line with what I would expect to occur.
