Rod, * Rod Taylor (rod.tay...@gmail.com) wrote: > Then there is a bug in the simpler statement which happily lets you give > away records. > > CREATE POLICY simple_all ON t TO simple USING (value > 0) WITH CHECK (true); > > SET session authorization simple; > SELECT * FROM t; > UPDATE t SET value = value * -1 WHERE value = 1; > -- No error and value is -1 at the end.
Hm, that does seem like it's not matching up with the intent, likely because it's an 'ALL' policy instead of individual policies. Out of curiosity, is there a particular use-case here that you're working towards, or just testing it out to see how it works? Thanks! Stephen
signature.asc
Description: Digital signature