Re: RLS open items are vague and unactionable
From | Noah Misch |
---|---|
Subject | Re: RLS open items are vague and unactionable |
Date | |
Msg-id | 20151120081136.GA1486542@tornado.leadboat.com |
In reply to | Re: RLS open items are vague and unactionable (Stephen Frost <sfrost@snowman.net>) |
Responses | Re: RLS open items are vague and unactionable |
List | pgsql-hackers |
On Mon, Sep 28, 2015 at 03:03:51PM -0400, Stephen Frost wrote:
> If SELECT rights are required then apply the SELECT policies, even if
> the actual command is an UPDATE or DELETE. This covers the RETURNING
> case which was discussed previously, so we don't need the explicit check
> for that, and further addresses the concern raised by Zhaomo about
> someone abusing the WHERE clause in an UPDATE or DELETE.
>
> Further, if UPDATE rights are required then apply the UPDATE policies,
> even if the actual command is a SELECT. This addresses the concern that
> a user might be able to lock rows they're not actually allowed to UPDATE
> through the UPDATE policies.
>
> Comments welcome, of course. Barring concerns, I'll get this pushed
> tomorrow.

The CREATE POLICY reference page continues to describe the behavior this patch replaced, not today's behavior.
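
The two rules in the quoted proposal, shown as an added example that is not part of the original thread or of the PostgreSQL sources. It assumes PostgreSQL 9.5 or later and a session allowed to create roles; the tables, the role `alice` and all policy names are hypothetical.

```sql
-- Constructed demo schema: table, role and policy names are hypothetical.
CREATE ROLE alice;
CREATE TABLE notes   (id int PRIMARY KEY, owner text, body text);
CREATE TABLE tickets (id int PRIMARY KEY, owner text, status text);
INSERT INTO notes   VALUES (1, 'alice', 'mine'), (2, 'bob', 'secret-token');
INSERT INTO tickets VALUES (1, 'alice', 'open'), (2, 'bob', 'open');
GRANT SELECT, UPDATE ON notes, tickets TO alice;
ALTER TABLE notes   ENABLE ROW LEVEL SECURITY;
ALTER TABLE tickets ENABLE ROW LEVEL SECURITY;

-- Case 1: narrow read policy, broad write policy.
CREATE POLICY notes_read  ON notes FOR SELECT USING (owner = current_user);
CREATE POLICY notes_write ON notes FOR UPDATE USING (true) WITH CHECK (true);

-- Case 2: broad read policy, narrow write policy.
CREATE POLICY tickets_read  ON tickets FOR SELECT USING (true);
CREATE POLICY tickets_write ON tickets FOR UPDATE
    USING (owner = current_user) WITH CHECK (owner = current_user);

SET ROLE alice;

-- The WHERE clause and RETURNING read column values, so SELECT rights are
-- required and notes_read is applied together with notes_write. Only rows
-- alice may read are candidates; bob's row cannot be probed through the
-- predicate, the row count or RETURNING.
UPDATE notes SET body = body WHERE body LIKE 'secret%' RETURNING id;

-- FOR UPDATE takes row locks, so UPDATE rights are required and
-- tickets_write is applied together with tickets_read. Only rows alice
-- may update are returned and locked.
BEGIN;
SELECT id, owner FROM tickets FOR UPDATE;
ROLLBACK;

-- A plain SELECT needs only SELECT rights, so only tickets_read applies.
SELECT id, owner FROM tickets;

RESET ROLE;
```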