On Fri, Nov 1, 2024 at 11:04:53AM +0000, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/16/ddl-rowsecurity.html
> Description:
>
> Cite
> When multiple policies apply to a given query, they are combined using
> either OR (for permissive policies, which are the default) or using AND (for
> restrictive policies). This is similar to the rule that a given role has the
> privileges of all roles that they are a member of.
> end cite
>
> Not clear for what is "this is". May be better "The default behaviour is
> similar..."
I see your point. Attached is a patch which clarifies this.
--
Bruce Momjian <[email protected]> https://momjian.us
EDB https://enterprisedb.com
When a patient asks the doctor, "Am I going to die?", he means
"Am I going to die soon?"
diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml
index f6344b3b79a..b4554253fbe 100644
--- a/doc/src/sgml/ddl.sgml
+++ b/doc/src/sgml/ddl.sgml
@@ -2592,7 +2592,8 @@ GRANT SELECT (col1), UPDATE (col1) ON mytable TO miriam_rw;
When multiple policies apply to a given query, they are combined using
either <literal>OR</literal> (for permissive policies, which are the
default) or using <literal>AND</literal> (for restrictive policies).
- This is similar to the rule that a given role has the privileges
+ The <literal>OR</literal> behavior is similar to the rule that a given
+ role has the privileges
of all roles that they are a member of. Permissive vs. restrictive
policies are discussed further below.
</para>
