On 17 April 2015 at 12:54, Stephen Frost <sfr...@snowman.net> wrote: > Dean, I've been working through your patches over the past couple of > days (apologies for the lack of updates, just been busy) and hope to > push them very shortly (ie: by the end of the weekend). >
Cool. Thanks. > One thing that I was hoping to discuss a bit is that I've gone ahead and > added another set of hooks, so we can have both "permissive" and > "restrictive" policies be provided from the hook. It's a bit late to > make the grammar and other changes which would be required to add a > "restrictive" policy option to the built-in RLS, but adding the hooks is > relatively low-impact. > Sounds interesting. Perhaps that discussion should be moved to a new thread. > I'm also going to be including a test_rls_hooks module into > src/test/modules which will test those hooks and provide an example of > how to use them. > Good idea. I had been thinking that it would be good to test RLS hooks. > As for the discussion- there was some concern raised about extensions > being able to "override" built-in policies by using the hooks a certain > way. I don't entirely follow the logic behind that concern as an > extension has the ability to read the files on disk directly from C > code, should it be written to do so, and so not providing a hook to add > "permissive" policies is denying useful functionality for very question > gain, in my view at least. > > Thoughts? > Yeah, perhaps that concern is somewhat overblown and shouldn't stand in the way of allowing a hook to add permissive policies. Regards, Dean -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
