Zhaomo, * Zhaomo Yang (zmp...@gmail.com) wrote: > I just tried a little bit your patch for applying SELECT policies to > DELETE/UPDATE. It is consistent with the GRANT system so it looks > really good. I'll test it more thoroughly later.
Great! Glad to hear it. > Also, I guess we don't need to worry about the syntax of "restrictive > policies" you mentioned in the upthread since SELECT policies are > essentially restrictive now. They are when it comes to applying them on top of other policies to match the permissions system, but what I believe we'd like is the ability to *explicitly* make policies both restrictive and permissive. That would allow a user to create a set of permissive SELECT policies and than a set of restrictive SELECT policies, which might be much simpler to manage for their particular use-case. > Since that work has already been done, > I'm wondering if I can take the task of allowing policies to reference > both the 'old' and 'new' versions of the row. I understand that this > feature won't be considered for 9.5 but I'd like to implement it and > hopefully get it incorporated into 9.6. I'd love to see a patch for that for 9.6. Feel free to work on it and ping me with any questions you have. Once you have a patch, please make sure to add it to the appropriate commitfest (via http://commitfest.postgresql.org), so it won't be lost. Thanks! Stephen
signature.asc
Description: Digital signature