Re: RLS Design

Поиск
Список
Период
Сортировка
От Brightwell, Adam
Тема Re: RLS Design
Дата
Msg-id CAKRt6CSAvMxf83eh88cu2crsQ9gibd=BumdhTHm2Wbym9KqHWg@mail.gmail.com
обсуждение исходный текст
Ответ на Re: RLS Design  (Robert Haas <robertmhaas@gmail.com>)
Ответы Re: RLS Design
Список pgsql-hackers
Дерево обсуждения
I think we do want a way to modify policies.  However, we tend to
avoid syntax that involves unnatural word order, as this certainly
does.  Maybe it's better to follow the example of CREATE RULE and
CREATE TRIGGER and do something this instead:

CREATE POLICY policy_name ON table_name USING quals;
ALTER POLICY policy_name ON table_name USING quals;
DROP POLICY policy_name ON table_name;

The advantage of this is that you can regard "policy_name ON
table_name" as the identifier for the policy throughout the system.
You need some kind of identifier of that sort anyway to support
COMMENT ON, SECURITY LABEL, and ALTER EXTENSION ADD/DROP for policies.

Sounds good.  I certainly think it makes a lot of sense to include the ALTER functionality, if for no other reason than ease of use.

Another item to consider, though I believe it can come later, is per-action policies.  Following the above suggested syntax, perhaps that might look like the following?

CREATE POLICY policy_name ON table_name FOR action USING quals;
ALTER POLICY policy_name ON table_name FOR action USING quals;
DROP POLICY policy_name ON table_name FOR action; 

I was also giving some thought to the use of "POLICY", perhaps I am wrong, but it does seem it could be at risk of becoming ambiguous down the road.  I can't think of any specific examples at the moment, but my concern is what happens if we wanted to add another "type" of policy, whatever that might be, later?  Would it make more sense to go ahead and qualify this a little more with "ROW SECURITY POLICY"?

Thanks,
Adam

--

В списке pgsql-hackers по дате отправления: