[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pgsql-hackers
Subject:    Re: [HACKERS] RLS related docs
From:       Joe Conway <mail () joeconway ! com>
Date:       2016-05-30 20:56:37
Message-ID: 574CA905.2040101 () joeconway ! com
[Download RAW message or body]


On 05/26/2016 12:26 AM, Dean Rasheed wrote:
> On 25 May 2016 at 02:04, Joe Conway <mail@joeconway.com> wrote:
>> Please see attached two proposed patches for the docs related to RLS:
>>
>> 1) Correction to pg_restore
>> 2) Additional mentions that "COPY FROM" does not allow RLS to be enabled
>>
>> Comments?
>>
> 
> The pg_restore change looks good -- that was clearly wrong.
> 
> Also, +1 for the new note in pg_dump.

Great, thanks!

> For COPY, I think perhaps it would be more logical to put the new note
> immediately after the third note which describes the privileges
> required, since it's kind of related, and then we can talk about the
> RLS policies required, e.g.:
> 
>     If row-level security is enabled for the table, COPY table TO is
>     internally converted to COPY (SELECT * FROM table) TO, and the
>     relevant security policies are applied. Currently, COPY FROM is not
>     supported for tables with row-level security.

This sounds better than what I had, so I will do it that way.

Thanks,

Joe

-- 
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]