On 2019-02-21 15:56, Pierre Ducroquet wrote:
> I undestand these decisions, but it makes RLS quite fragile, with numerous un-
> documented side-effects. In order to save difficulties from future users, I 
> wrote this patch to the documentation, listing the biggest restrictions I hit 
> with RLS so far.

This appears to be the patch of record for this commit fest entry.

I agree that it would be useful to document and discuss better which
built-in operators are leak-proof and which are not.  But I don't think
the CREATE POLICY reference page is the place to do it.  Note that the
leak-proofness mechanism was originally introduced for security-barrier
views (an early form of RLS if you will), so someone could also
reasonably expect a discussion there.

I'm not sure of the best place to put it.  Perhaps adding a section to
the Functions and Operators chapter would work.

Also, once you start such a list, there will be an expectation that it's
complete.  So that would need to be ensured.  You only list a few things
you found.  Are there others?  How do we keep this up to date?

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Reply via email to