On 25 September 2014 15:26, Stephen Frost <sfr...@snowman.net> wrote: >> I expected this to still trigger an error due to the first policy. Am >> I to infer from this that the policy model is permissive rather than >> restrictive? > > That's correct and I believe pretty clear in the documentation- policies > are OR'd together, just the same as how roles are handled. As a > logged-in user, you have the rights of all of the roles you are a member > of (subject to inheiritance rules, of course), and similairly, you are > able to view and add all rows which match any policy which applies to > you (either through role membership or through different policies).
Okay, I see now. This is a mindset issue for me as I'm looking at them like constraints rather than permissions. Thanks for the explanation. Thom -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers