Re: Row security policies documentation question
From | Adrian Klaver |
---|---|
Subject | Re: Row security policies documentation question |
Date | |
Msg-id | a33f1176-a458-f712-0796-a94da89cda17@aklaver.com |
In reply to | Row security policies documentation question ("Alexander M. Sauer-Budge" <ambudge@alum.mit.edu>) |
Responses | Re: Row security policies documentation question |
List | pgsql-general |
On 05/31/2016 01:59 PM, Alexander M. Sauer-Budge wrote:
> Hello,
>
> Section 5.7. on Row Security Policies (https://www.postgresql.org/docs/current/static/ddl-rowsecurity.html) for 9.5 says:
>
> As a simple example, here is how to create a policy on the account relation to allow only members of the managers role to access rows, and only rows of their accounts:
>
> CREATE TABLE accounts (manager text, company text, contact_email text);
>
> ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
>
> CREATE POLICY account_managers ON accounts TO managers
>     USING (manager = current_user);
>
> If no role is specified, or the special user name PUBLIC is used, then the policy applies to all users on the system. To allow all users to access their own row in a users table, a simple policy can be used:
>
> CREATE POLICY user_policy ON users
>     USING (user = current_user);
>
> ---
>
> I’m trying to understand the example as it references both an `accounts` table and a `users` table which isn’t defined. Is this a mishmash of example fragments or should the CREATE POLICY statement reference the `accounts` table instead of `users`? Specifically, what does `user` reference in the statement “CREATE POLICY user_policy ON users USING (user = current_user);”? Is this a table column in a `users` table the example doesn’t define or does PostgreSQL keep track of what user/role inserted a row and allow policies to use it?

For a good review of what is possible with RLS take a look at this blog:

http://blog.2ndquadrant.com/application-users-vs-row-level-security/

>
> Thanks!
> Alex
>

--
Adrian Klaver
adrian.klaver@aklaver.com
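
Added example, not part of the original message or of the PostgreSQL documentation: a self-contained `users` table for the second quoted policy, so the predicate can be exercised as a non-owner role. The column name `user_name`, the roles `alice` and `bob`, and the sample rows are assumptions; unquoted `user` is a reserved word in PostgreSQL that evaluates like `current_user`, so the sketch compares a separately named column instead.

```sql
-- Constructed roles for illustration (hypothetical names).
CREATE ROLE alice;
CREATE ROLE bob;

-- Assumption: the row owner is stored in an ordinary text column.
-- PostgreSQL does not record which role inserted a row; the policy can only
-- compare against data that the table itself holds.
-- The column is called user_name because unquoted USER is a reserved word
-- that evaluates like current_user and cannot be used as a plain column name.
CREATE TABLE users (
    user_name text PRIMARY KEY,
    email     text
);

-- Constructed sample rows.
INSERT INTO users (user_name, email) VALUES
    ('alice', 'alice@example.com'),
    ('bob',   'bob@example.com');

-- RLS filters rows; ordinary table privileges are still required.
GRANT SELECT, UPDATE ON users TO alice, bob;

ALTER TABLE users ENABLE ROW LEVEL SECURITY;

-- No TO clause, so the policy applies to PUBLIC (every role).
-- With no WITH CHECK clause, the USING expression is also applied to
-- new row versions written by UPDATE.
CREATE POLICY user_policy ON users
    USING (user_name = current_user);

-- Test as a role that is neither superuser nor table owner:
-- superusers always bypass RLS, and the owner does too unless
-- ALTER TABLE ... FORCE ROW LEVEL SECURITY is set.
SET ROLE alice;
SELECT user_name, email FROM users;          -- filtered by the policy
UPDATE users SET email = 'changed@example.com'
 WHERE user_name = 'bob';                    -- bob's row is not visible to alice
RESET ROLE;

-- Review what is actually in force: the stored predicate and target roles.
SELECT policyname, roles, cmd, qual
  FROM pg_policies
 WHERE tablename = 'users';
```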