On Tue, Jan 6, 2015 at 11:25 AM, Stephen Frost <sfrost@snowman.net> wrote:
> Looks reasonable to me. Amit, does this read better for you? If so, I
> can handle making the change to the docs.
The docs also prominently say:
"The security-barrier qualifications will always be evaluated prior to
any user-defined functions or user-provided WHERE clauses, while the
with-check expression will be evaluated against the rows which are
going to be added to the table. By adding policies to a table, a user
can limit the rows which a given user can select, insert, update, or
delete. This capability is also known as Row Level Security or RLS."
I would prefer it if it was clearer based on the syntax description
which qual is which. The security barrier qual "expression" should
have an identifier/name in the syntax description that is more
suggestive of "security barrier qual", emphasizing its distinctness
from "check_expression". For example, I think "barrier_expression"
would be clearer.
--
Peter Geoghegan