Add support for restrictive RLS policies

Enterprise / PostgreSQL - Stephen Frost [snowman.net] - 5 December 2016 14:50 UTC

We have had support for restrictive RLS policies since 9.5, but they were only available through extensions which use the appropriate hooks. This adds support into the grammar, catalog, psql and pg_dump for restrictive RLS policies, thus reducing the cases where an extension is necessary.

In passing, also move away from using "AND"d and "OR"d in comments. As pointed out by Alvaro, it's not really appropriate to attempt to make verbs out of "AND" and "OR", so reword those comments which attempted to.

Reviewed By: Jeevan Chalke, Dean Rasheed
Discussion: https://postgr.es/m/20160901063404.GY4028@tamriel.snowman.net

093129c Add support for restrictive RLS policies
doc/src/sgml/catalogs.sgml | 13 ++
doc/src/sgml/ddl.sgml | 58 +++++-
doc/src/sgml/ref/alter_policy.sgml | 7 +-
doc/src/sgml/ref/create_policy.sgml | 38 ++++
src/backend/catalog/system_views.sql | 6 +
src/backend/commands/policy.c | 9 +
src/backend/nodes/copyfuncs.c | 1 +
src/backend/nodes/equalfuncs.c | 1 +
src/backend/parser/gram.y | 43 ++++-
src/backend/rewrite/rowsecurity.c | 54 ++++--
src/bin/pg_dump/pg_dump.c | 69 ++++---
src/bin/pg_dump/pg_dump.h | 3 +-
src/bin/pg_dump/t/002_pg_dump.pl | 33 +++-
src/bin/psql/describe.c | 100 +++++++---
src/bin/psql/tab-complete.c | 29 ++-
src/include/catalog/pg_policy.h | 16 +-
src/include/nodes/parsenodes.h | 1 +
src/include/rewrite/rowsecurity.h | 1 +
src/test/regress/expected/rowsecurity.out | 284 +++++++++++++++++++++++------
src/test/regress/expected/rules.out | 4 +
src/test/regress/sql/rowsecurity.sql | 45 ++++-
21 files changed, 665 insertions(+), 150 deletions(-)

Upstream: git.postgresql.org
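
What the grammar support described in the commit message looks like in use, as an added example that is not part of the commit or of the PostgreSQL source tree. The table, column and policy names are constructed for illustration; the statements assume PostgreSQL 10 or later, where CREATE POLICY accepts AS RESTRICTIVE and the pg_policies view reports it.

```sql
-- Constructed schema for illustration only.
CREATE TABLE documents (
    id          serial PRIMARY KEY,
    owner       name    NOT NULL DEFAULT current_user,
    classified  boolean NOT NULL DEFAULT false,
    body        text
);

-- RLS is off by default; the table owner still bypasses it unless
-- FORCE ROW LEVEL SECURITY is also set.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- Permissive policies are combined with OR:
-- a row passes if the caller owns it OR it is unclassified.
CREATE POLICY doc_owner ON documents AS PERMISSIVE
    FOR ALL TO PUBLIC
    USING (owner = current_user);

CREATE POLICY doc_unclassified ON documents AS PERMISSIVE
    FOR SELECT TO PUBLIC
    USING (NOT classified);

-- Restrictive policies are combined with AND on top of the permissive set.
-- Here: classified rows are reachable only over a Unix-socket connection,
-- for which inet_client_addr() returns NULL.
CREATE POLICY doc_classified_local ON documents AS RESTRICTIVE
    FOR ALL TO PUBLIC
    USING (NOT classified OR inet_client_addr() IS NULL);

-- Effective filter for SELECT:
--   (owner = current_user OR NOT classified)
--   AND (NOT classified OR inet_client_addr() IS NULL)
--
-- Caveat: restrictive policies only narrow access. A table that has
-- restrictive policies but no permissive policy returns no rows at all.

-- Audit check: confirm which policies are restrictive after a restore
-- or migration, since a policy silently recreated as permissive widens access.
SELECT policyname, permissive, cmd, roles, qual
FROM pg_policies
WHERE tablename = 'documents'
ORDER BY permissive, policyname;
```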
