[HACKERS] RLS related docs

Joe Conway Tue, 24 May 2016 18:05:29 -0700

Please see attached two proposed patches for the docs related to RLS:

1) Correction to pg_restore
2) Additional mentions that "COPY FROM" does not allow RLS to be enabled


Comments?

Related question: I believe

  COPY tbl TO ...

is internally converted to

  COPY (select * FROM tbl) TO ...

when RLS is involved. Do we want to document that?

Joe

-- 
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

diff --git a/doc/src/sgml/ref/pg_restore.sgml b/doc/src/sgml/ref/pg_restore.sgml
index 66d09f4..e951182 100644
*** a/doc/src/sgml/ref/pg_restore.sgml
--- b/doc/src/sgml/ref/pg_restore.sgml
***************
*** 537,543 ****
  
         <para>
          Note that this option currently also requires the dump be in <command>INSERT</command>
!         format, as <command>COPY TO</command> does not support row security.
         </para>
        </listitem>
       </varlistentry>
--- 537,543 ----
  
         <para>
          Note that this option currently also requires the dump be in <command>INSERT</command>
!         format, as <command>COPY FROM</command> does not support row security.
         </para>
        </listitem>
       </varlistentry>

diff --git a/doc/src/sgml/ref/copy.sgml b/doc/src/sgml/ref/copy.sgml
index 07e2f45..bb7662a 100644
*** a/doc/src/sgml/ref/copy.sgml
--- b/doc/src/sgml/ref/copy.sgml
*************** COPY <replaceable class="parameter">coun
*** 502,507 ****
--- 502,511 ----
      null strings to null values and unquoted null strings to empty strings.
     </para>
  
+    <para>
+     <command>COPY FROM</command> does not support row security. Use
+     <command>INSERT</command> instead.
+    </para>
   </refsect1>
  
   <refsect1>
diff --git a/doc/src/sgml/ref/pg_dump.sgml b/doc/src/sgml/ref/pg_dump.sgml
index bc28684..0995c6b 100644
*** a/doc/src/sgml/ref/pg_dump.sgml
--- b/doc/src/sgml/ref/pg_dump.sgml
*************** PostgreSQL documentation
*** 716,721 ****
--- 716,726 ----
          to dump the parts of the contents of the table that they have access to.
         </para>
  
+        <para>
+         Note that if you use this option currently, you probably also want
+         the dump be in <command>INSERT</command> format, as the
+         <command>COPY FROM</command> during restore does not support row security.
+        </para>
        </listitem>
       </varlistentry>

signature.asc
Description: OpenPGP digital signature

[HACKERS] RLS related docs

Reply via email to