Re: unclear about row-level security USING vs. CHECK

On 9/23/15 2:52 PM, Stephen Frost wrote:
>> That might be reasonable, but the documentation is completely wrong
>> about that.
> 
> Really?  I feel pretty confident that it's at least mentioned.  I
> agree that it should be made more clear.

I quoted the documentation at the beginning of the thread.  That's all I
could find about it.

>> That said, why even have USING and CHECK as separate clauses?  Can't you
>> just create different policies if you want them different?
>>
>> Hypothetical example:
>>
>> CREATE POLICY p1 ON t1 FOR SELECT CHECK (extract(year from entered_on) =
>> extract(year from current_timestamp));
>> CREATE POLICY p2 ON t2 FOR INSERT, UPDATE, DELETE CHECK (entered_by =
>> current_user);
> 
> USING is about visibility of existing records, WITH CHECK is in regards
> to new rows being added to the relation (either through an INSERT or an
> UPDATE).

That makes sense, but then the current behavior that I mentioned at the
beginning of the thread is wrong.  If you think these clauses are
clearly separate, then they should be, er, clearly separate.

Maybe the syntax can be tweaked a little, like USING AND CHECK or
whatever.  Not that USING and CHECK are terribly intuitive in this
context anyway.