On Mon, Jun 30, 2014 at 9:42 AM, Stephen Frost <sfr...@snowman.net> wrote: >> > I'm not a fan of the EXEMPT approach.. >> >> Just out of curiosity, why not? > > I don't see it as really solving the flexibility need and it feels quite > a bit more complicated to reason about. Would someone who is EXEMPT > from one policy on a given table still have other policies on that table > applied to them?
Yes; otherwise, EXEMPT couldn't be granted by non-superusers, and the whole point of that proposal was to come up with something that would be clearly safe for ordinary users to use. > Would a user be able to be EXEMPT from multiple > policies? Yes, clearly. It would be a privilege on the policy object, so different objects can have different privileges. > I feel like that's what you're suggesting with this approach, > otherwise I don't see it as really different from the 'DIRECT SELECT' > privilege discussed previously.. Right. If you took that away, it wouldn't be different. The number of possible approaches here has expanded beyond what I can keep in my head; I'm assuming you are planning to think this over and propose something comprehensive, or maybe Dean or someone else will do that. But I'm not sure that all the approaches proposed would make it safe for non-superusers to use RLS, and I think it would be good if they could. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers