Re: RLS Design
| От | Thom Brown |
|---|---|
| Тема | Re: RLS Design |
| Дата | |
| Msg-id | CAA-aLv7phXW+AvFN0q0pqHR_iG-b1642Y9ZdX-P_x+_uxWqYAA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: RLS Design (Stephen Frost <sfrost@snowman.net>) |
| Список | pgsql-hackers |
On 25 September 2014 15:26, Stephen Frost <sfrost@snowman.net> wrote: >> I expected this to still trigger an error due to the first policy. Am >> I to infer from this that the policy model is permissive rather than >> restrictive? > > That's correct and I believe pretty clear in the documentation- policies > are OR'd together, just the same as how roles are handled. As a > logged-in user, you have the rights of all of the roles you are a member > of (subject to inheiritance rules, of course), and similairly, you are > able to view and add all rows which match any policy which applies to > you (either through role membership or through different policies). Okay, I see now. This is a mindset issue for me as I'm looking at them like constraints rather than permissions. Thanks for the explanation. Thom
В списке pgsql-hackers по дате отправления: