Hi, It appears that I'm not the only person who finds it somewhat unintuitive for overlapping RLS policies to be permissive rather than restrictive (OR vs AND) (at least 3 others seem to expect AND behaviour), although I understand the reasoning behind it. And I've since discovered that the same feature in another database system uses the latter rather than the former.
I posted a brain coredump of my thoughts on the matter on Depesz's blog (http://www.depesz.com/2014/10/02/waiting-for-9-5-row-level-security-policies-rls/#comment-187800) and I was wondering if there's a future in allowing both systems. The syntax is less important than the functionality, where restrictive policies would be AND'd, permissive policies would (like they currently do) be OR'd, and a combination would involve all restrictive plus at least one permissive (i.e. restr1 AND restr2 AND (perm3 OR perm4)). I'm just interested to know what others' thoughts on the matter are. Thom -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
