Re: [COMMITTERS] pgsql: Row-Level Security Policies (RLS)

Alvaro,

* Alvaro Herrera (alvherre@2ndquadrant.com) wrote:
> What do we need RowSecurityPolicy->policy_id for?  It seems to me that
> it is only used to determine whether the policy is the "default deny"
> one, so that it can later be removed if a hook adds a different one.
> This seems contrived as well as under-documented.  Why isn't a boolean
> flag sufficient?

Thanks for taking a look!

It's also used during relcache updates (see equalPolicy()).  That wasn't
originally the case (I had missed adding the necessary bits to relcache
in the original patch), but I wouldn't want to remove that piece now
and, given that it's there, using InvalidOid to indicate when it's the
default-deny policy (and therefore this is no actual Oid) seems
sensible.
Thanks again!
    Stephen