Re: SE-PostgreSQL and row level security

Robert Haas <robertmhaas@gmail.com> writes:
> I'm a little bothered by this issue with respect to INSERT, UPDATE,
> and DELETE, since it's possible that I have permission to see rows but
> not updated them, and it would be a little weird if select and update
> with equivalent where clauses operated on different sets of records
> (although that can happen anyway, because of BEFORE triggers, and it's
> pretty irritating).  It's not clear that there's a clean solution
> here, but it's at least food for thought.

80% of the problem here is exactly that the proposed solution doesn't
seem very semantically clean.  And once we accept it we're going to be
stuck with it for a long time --- compare for instance the multiple
serious annoyances with RULEs, which we can't fix easily because of
backwards compatibility considerations.
        regards, tom lane