On 25 September 2014 15:26, Stephen Frost <sfr...@snowman.net> wrote:
>> I expected this to still trigger an error due to the first policy.  Am
>> I to infer from this that the policy model is permissive rather than
>> restrictive?
> That's correct and I believe pretty clear in the documentation- policies
> are OR'd together, just the same as how roles are handled.  As a
> logged-in user, you have the rights of all of the roles you are a member
> of (subject to inheiritance rules, of course), and similairly, you are
> able to view and add all rows which match any policy which applies to
> you (either through role membership or through different policies).

Okay, I see now.  This is a mindset issue for me as I'm looking at
them like constraints rather than permissions.  Thanks for the


Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to