* Robert Haas (robertmh...@gmail.com) wrote: > The key point from my angle is that if you grant user alice the right > to see records where a = 1 and user bob the right to see records where > a = 2, the multiple-policy approach allows those quals to be > implemented as index-scans. If you had a single policy granting all > users the right to see records where policyfunc() returns true, it > would never be indexable.
Right, that is certainly an important aspect also. > I think that Thom's idea of having some policies that are additional > filter conditions on top of everything else is a pretty good one. > It's probably possible to construct a case where you need multiple > levels of AND and OR logic, which Thom's proposal does not provide > for. But are there really cases like that which anyone cares about? I keep coming back to the feeling that we'd need some kind of exception capability (more than just excluding the owner), without which this feature wouldn't end up being practical. > I think we're going to be tempted to think about that question for > about 60 seconds and say "nope", and that's probably not enough > thought. It deserves serious reflection, because I think Thom's > proposal is terminal: if we do what he's proposing, it'll be hard to > extend the idea any further if we later discover that it isn't general > enough. That having been said, what he's proposing is simple and > covers a fair amount of ground, and is thus worthy of serious > consideration, at least IMHO. Even given the above, I do like the idea in general and have been thinking we need to provide something along these lines. I've been trying to work out if we could provide a way to get to a generalized CNF capability for policies, but I agree that it's unclear if there's a real-world need for such. Thanks, Stephen
signature.asc
Description: Digital signature