On 1 September 2016 at 10:02, Robert Haas <robertmh...@gmail.com> wrote: > On Thu, Sep 1, 2016 at 12:04 PM, Stephen Frost <sfr...@snowman.net> wrote: >> As outlined in the commit message, this adds support for restrictive RLS >> policies. We've had this in the backend since 9.5, but they were only >> available via hooks and therefore extensions. This adds support for >> them to be configured through regular DDL commands. These policies are, >> essentially "AND"d instead of "OR"d. >> >> Includes updates to the catalog, grammer, psql, pg_dump, and regression >> tests. Documentation will be added soon, but until then, would be great >> to get feedback on the grammer, catalog and code changes. > > I don't like CREATE RESTRICT POLICY much. It's not very good grammar, > for one thing. I think putting the word RESTRICT, or maybe AS > RESTRICT, somewhere later in the command would be better. > > I also think that it is very strange to have the grammar keyword be > "restrict" but the internal flag be called "permissive". It would be > better to have the sense of those flags match. > > (This is not intended as a full review, just a quick comment.)
I had proposed this sort of functionality a couple years back: https://www.depesz.com/2014/10/02/waiting-for-9-5-row-level-security-policies-rls/#comment-187800 And I suggested CREATE RESTRICTIVE POLICY, but looking back at that, perhaps you're right, and it would be better to add it later in the command. Thom -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
