Re: CREATE POLICY and RETURNING

On 10/17/2014 02:49 AM, Robert Haas wrote:
> I think you could probably make the DELETE policy control what can get
> deleted, but then have the SELECT policy further filter what gets
> returned.

That seems like the worst of both worlds to me.

Suddenly DELETE ... RETURNING might delete more rows than it reports a
resultset for. As well as being potentially dangerous for people using
it in wCTEs, etc, to me that's the most astonishing possible outcome of all.

I'd be much happier with even:

  ERROR: RETURNING not permitted with SELECT row-security policy

than this.