Dean Rasheed <dean.a.rash...@gmail.com> wrote: > Ultimately I think this will be an extremely rare case, probably more > likely to happen as a result of accidentally misconfigured policies. > But if that does happen, I'd rather have an error to alert me to the > fact, than to silently do nothing.
I agree with Tom and Robert on this -- if we are going to allow RETURNING on a DELETE or UPDATE of a table with RLS, the SELECT policy must filter rows going to the DELETE or UPDATE phase and silently ignore those which the user is not allowed to read. Anything else seems crazy to me. If we can't do that, I think we should prohibit RETURNING on DELETE or UPDATE if there is RLS affecting the user's SELECTs. -- Kevin Grittner EDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
