Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-29 Thread Charles Clavadetscher
<pete...@gmx.net>; pgsql-hackers > <pgsql-hackers@postgresql.org>; Charles Clavadetscher > <clavadetsc...@swisspug.org> > Subject: Re: [HACKERS] unclear about row-level security USING vs. CHECK > > On Mon, Sep 28, 2015 at 3:15 PM, Stephen Frost <sfr...@snowman.net&

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-29 Thread Dean Rasheed
On 28 September 2015 at 20:15, Stephen Frost wrote: > I listed out the various alternatives but didn't end up getting any > responses to it. I'm still of the opinion that the documentation is the > main thing which needs improving here, but we can also change CREATE > POLICY,

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-29 Thread Adam Brightwell
> My vote would be to keep it as-is. Same for me. > It feels perfectly natural to me. USING clauses add to the query's > WHERE clause controlling which existing rows you can SELECT, UPDATE or > DELETE. WITH CHECK clauses control what new data you can add via > INSERT or UPDATE. UPDATE allows

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-29 Thread Stephen Frost
* Dean Rasheed (dean.a.rash...@gmail.com) wrote: > On 28 September 2015 at 20:15, Stephen Frost wrote: > > I listed out the various alternatives but didn't end up getting any > > responses to it. I'm still of the opinion that the documentation is the > > main thing which

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-28 Thread Charles Clavadetscher
com> > Cc: pgsql-hackers <pgsql-hackers@postgresql.org>; Charles Clavadetscher > <clavadetsc...@swisspug.org> > Subject: Re: [HACKERS] unclear about row-level security USING vs. CHECK > > * Peter Eisentraut (pete...@gmx.net) wrote: > > I see. But it is a

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-28 Thread Stephen Frost
* Peter Eisentraut (pete...@gmx.net) wrote: > I see. But it is a bit odd to hide this very fundamental behavior > somewhere in a paragraph that starts out with something about roles. I'm happy to change that. You're right, it should be a paragraph by itself. > There is also a mistake, I

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-28 Thread Robert Haas
On Mon, Sep 28, 2015 at 3:15 PM, Stephen Frost wrote: > I listed out the various alternatives but didn't end up getting any > responses to it. I'm still of the opinion that the documentation is the > main thing which needs improving here, but we can also change CREATE >

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-28 Thread Robert Haas
On Sat, Sep 26, 2015 at 9:46 PM, Peter Eisentraut wrote: > On 9/23/15 3:41 PM, Stephen Frost wrote: > I see. But it is a bit odd to hide this very fundamental behavior > somewhere in a paragraph that starts out with something about roles. > > There is also a mistake, I believe:

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-26 Thread Peter Eisentraut
On 9/23/15 3:41 PM, Stephen Frost wrote: > The CREATE POLICY documentation discusses how lack of a WITH CHECK > policy means the USING expression is used: > > """ > Policies can be applied for specific commands or for specific roles. The > default for newly created policies is that they apply for

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Robert Haas
On Tue, Sep 22, 2015 at 10:36 PM, Charles Clavadetscher wrote: > Since the policy is defined for ALL commands and no WITH CHECK is specified > then the same condition defined in USING takes effect for all commands, i.e. > including INSERT. > > From the docs >

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Robert Haas
On Wed, Sep 23, 2015 at 11:05 AM, Stephen Frost wrote: >> Gosh, I think it would have been better to have a cleaner separation >> of USING and WITH CHECK. That sounds far too unnecessarily magical. > > That the USING policy is used if WITH CHECK isn't defined? That was >

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > On Tue, Sep 22, 2015 at 10:36 PM, Charles Clavadetscher > wrote: > > Since the policy is defined for ALL commands and no WITH CHECK is specified > > then the same condition defined in USING takes effect for all commands,

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > On Wed, Sep 23, 2015 at 11:05 AM, Stephen Frost wrote: > >> Gosh, I think it would have been better to have a cleaner separation > >> of USING and WITH CHECK. That sounds far too unnecessarily magical. > > > > That the USING

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Robert Haas
On Wed, Sep 23, 2015 at 12:01 PM, Stephen Frost wrote: > * Robert Haas (robertmh...@gmail.com) wrote: >> On Wed, Sep 23, 2015 at 11:24 AM, Stephen Frost wrote: >> > I'm working on a documentation patch with Adam to improve the docs >> > around this (and

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Peter Eisentraut
On 9/23/15 11:05 AM, Stephen Frost wrote: > That the USING policy is used if WITH CHECK isn't defined? That was > simply done to make policy management simple as in quite a few cases > only one policy is needed. If a WITH CHECK was always required then > you'd be constantly writing: > > CREATE

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > On Wed, Sep 23, 2015 at 11:24 AM, Stephen Frost wrote: > > I'm working on a documentation patch with Adam to improve the docs > > around this (and other parts as well). I agree it doesn't come off as > > naturally intuitive to

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Robert Haas
On Wed, Sep 23, 2015 at 11:24 AM, Stephen Frost wrote: > I'm working on a documentation patch with Adam to improve the docs > around this (and other parts as well). I agree it doesn't come off as > naturally intuitive to everyone (it did to me, but I'm clearly biased > as, I

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Robert Haas
On Wed, Sep 23, 2015 at 2:39 PM, Stephen Frost wrote: > * Robert Haas (robertmh...@gmail.com) wrote: >> On Wed, Sep 23, 2015 at 12:01 PM, Stephen Frost wrote: >> > * Robert Haas (robertmh...@gmail.com) wrote: >> >> My expectation would have been: >> >> >>

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Stephen Frost
* Peter Eisentraut (pete...@gmx.net) wrote: > On 9/23/15 11:05 AM, Stephen Frost wrote: > > That the USING policy is used if WITH CHECK isn't defined? That was > > simply done to make policy management simple as in quite a few cases > > only one policy is needed. If a WITH CHECK was always

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Stephen Frost
Peter, * Peter Eisentraut (pete...@gmx.net) wrote: > I'm testing the new row-level security feature. I'm not clear on the > difference between the USING and CHECK clauses in the CREATE POLICY > statement. > > The documentation says: > > """ > A policy grants the ability to SELECT, INSERT,

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > On Wed, Sep 23, 2015 at 12:01 PM, Stephen Frost wrote: > > * Robert Haas (robertmh...@gmail.com) wrote: > >> My expectation would have been: > >> > >> If you specify USING, you can see only those rows, but you can give > >> rows

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Peter Eisentraut
On 9/23/15 2:52 PM, Stephen Frost wrote: >> That might be reasonable, but the documentation is completely wrong >> about that. > > Really? I feel pretty confident that it's at least mentioned. I > agree that it should be made more clear. I quoted the documentation at the beginning of the

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Alvaro Herrera
Robert Haas wrote: > On Wed, Sep 23, 2015 at 2:39 PM, Stephen Frost wrote: > > * Robert Haas (robertmh...@gmail.com) wrote: > >> On Wed, Sep 23, 2015 at 12:01 PM, Stephen Frost wrote: > >> > * Robert Haas (robertmh...@gmail.com) wrote: > >> >> My

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-23 Thread Stephen Frost
* Alvaro Herrera (alvhe...@2ndquadrant.com) wrote: > Robert Haas wrote: > > On Wed, Sep 23, 2015 at 2:39 PM, Stephen Frost wrote: > > > * Robert Haas (robertmh...@gmail.com) wrote: > > >> On Wed, Sep 23, 2015 at 12:01 PM, Stephen Frost > > >> wrote: > >

Re: [HACKERS] unclear about row-level security USING vs. CHECK

2015-09-22 Thread Charles Clavadetscher
Hello Peter > I'm testing the new row-level security feature. I'm not clear on the > difference between the USING and CHECK clauses in the CREATE POLICY > statement. > > The documentation says: > > """ > A policy grants the ability to SELECT, INSERT, UPDATE, or DELETE rows > which match the