The command type to which the row-security policy is applied.
+ |
+ rsecroles
+ char
+
+ The roles to which the row-security policy is applied.
+
+
|
rsecqual
pg_node_tree
pg_class.relrowsecurity
- True if the table has row-security enabled.
- Must be true if the table has a row-security policy in this catalog.
+ True if the table has row-security enabled. Policies will not be applied
+ unless row-security is enabled on the table.
materialized views
+ |
+ pg_policies
+ policies
+
+
|
pg_prepared_statements
prepared statements
+
+
<structname>pg_policies</structname>
+
+
+
+
+ The view pg_policies provides access to
+ useful information about each policy in the database.
+
+
+
+
<structname>pg_policies</> Columns
+
+
+
+ |
+ Name
+ Type
+ References
+ Description
+
+
+
+ |
+ schemaname
+ name
+ pg_namespace.nspname
+ Name of schema containing table policy is on
+
+ |
+ tablename
+ name
+ pg_class.relname
+ Name of table policy is on
+
+ |
+ policyname
+ name
+ pg_class.relname
+ Name of policy
+
+ |
+ cmd
+ text
+
+ The command type to which the policy is applied.
+
+ |
+ roles
+ name[]
+
+ The roles to which this policy applies.
+
+ |
+ qual
+ text
+
+ The expression added to the security barrier qualifications for
+ queries which this policy applies to.
+
+ |
+ with_check
+ text
+
+ The expression added to the with check qualifications for
+ queries which attempt to add rows to this table.
+
+
+
+
+
+
+
<structname>pg_prepared_statements</structname>
CREATE VIEW pg_policies AS
SELECT
+ N.nspname AS schemaname,
+ C.relname AS tablename,
rs.rsecpolname AS policyname,
- (SELECT relname FROM pg_catalog.pg_class WHERE oid = rs.rsecrelid) AS tablename,
CASE
WHEN rs.rsecroles = '{0}' THEN
string_to_array('public', '')
WHERE oid = ANY (rs.rsecroles) ORDER BY 1
)
END AS roles,
- CASE WHEN rs.rseccmd IS NULL THEN 'ALL' ELSE
- CASE rs.rseccmd
+ CASE WHEN rs.rseccmd IS NULL THEN 'ALL' ELSE
+ CASE rs.rseccmd
WHEN 'r' THEN 'SELECT'
WHEN 'a' THEN 'INSERT'
WHEN 'u' THEN 'UPDATE'
pg_catalog.pg_get_expr(rs.rsecqual, rs.rsecrelid) AS qual,
pg_catalog.pg_get_expr(rs.rsecwithcheck, rs.rsecrelid) AS with_check
FROM pg_catalog.pg_rowsecurity rs
- ORDER BY 1;
+ JOIN pg_catalog.pg_class C ON (C.oid = rs.rsecrelid)
+ LEFT JOIN pg_catalog.pg_namespace N ON (N.oid = C.relnamespace);
CREATE VIEW pg_rules AS
SELECT
values[Anum_pg_rowsecurity_rsecrelid - 1] = ObjectIdGetDatum(table_id);
values[Anum_pg_rowsecurity_rsecpolname - 1]
- = CStringGetDatum(stmt->policy_name);
+ = DirectFunctionCall1(namein, CStringGetDatum(stmt->policy_name));
if (rseccmd)
values[Anum_pg_rowsecurity_rseccmd - 1] = CharGetDatum(rseccmd);
continue;
if (g_verbose)
- write_msg(NULL, "reading row-security enabled for table \"%s\"",
+ write_msg(NULL, "reading row-security enabled for table \"%s\".\"%s\"\n",
+ tbinfo->dobj.namespace->dobj.name,
tbinfo->dobj.name);
/*
}
if (g_verbose)
- write_msg(NULL, "reading row-security policies for table \"%s\"\n",
+ write_msg(NULL, "reading row-security policies for table \"%s\".\"%s\"\n",
+ tbinfo->dobj.namespace->dobj.name,
tbinfo->dobj.name);
/*
printfPQExpBuffer(&buf,
"SELECT rs.rsecpolname,\n"
- "CASE WHEN rs.rsecroles = '{0}' THEN NULL ELSE array(select rolname from pg_roles where oid = any (rs.rsecroles) order by 1) END,\n"
+ "CASE WHEN rs.rsecroles = '{0}' THEN NULL ELSE array_to_string(array(select rolname from pg_roles where oid = any (rs.rsecroles) order by 1),',') END,\n"
"pg_catalog.pg_get_expr(rs.rsecqual, rs.rsecrelid),\n"
"pg_catalog.pg_get_expr(rs.rsecwithcheck, rs.rsecrelid),\n"
- "rs.rseccmd AS cmd\n"
+ "CASE rs.rseccmd \n"
+ "WHEN 'r' THEN 'SELECT'\n"
+ "WHEN 'u' THEN 'UPDATE'\n"
+ "WHEN 'a' THEN 'INSERT'\n"
+ "WHEN 'd' THEN 'DELETE'\n"
+ "END AS cmd\n"
"FROM pg_catalog.pg_rowsecurity rs\n"
"WHERE rs.rsecrelid = '%s' ORDER BY 1;",
oid);
PQgetvalue(result, i, 0));
if (!PQgetisnull(result, i, 4))
- appendPQExpBuffer(&buf, " (%s)",
+ appendPQExpBuffer(&buf, " FOR %s",
PQgetvalue(result, i, 4));
+ if (!PQgetisnull(result, i, 1))
+ {
+ appendPQExpBuffer(&buf, "\n TO %s",
+ PQgetvalue(result, i, 1));
+ }
+
if (!PQgetisnull(result, i, 2))
- appendPQExpBuffer(&buf, " EXPRESSION %s",
+ appendPQExpBuffer(&buf, "\n USING %s",
PQgetvalue(result, i, 2));
if (!PQgetisnull(result, i, 3))
- appendPQExpBuffer(&buf, " WITH CHECK %s",
+ appendPQExpBuffer(&buf, "\n WITH CHECK %s",
PQgetvalue(result, i, 3));
printTableAddFooter(&cont, buf.data);
- if (!PQgetisnull(result, i, 1))
- {
- printfPQExpBuffer(&buf, " APPLIED TO %s",
- PQgetvalue(result, i, 1));
-
- printTableAddFooter(&cont, buf.data);
- }
}
PQclear(result);
}
LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace)))
LEFT JOIN pg_tablespace t ON ((t.oid = c.reltablespace)))
WHERE (c.relkind = 'm'::"char");
-pg_policies| SELECT rs.rsecpolname AS policyname,
- ( SELECT pg_class.relname
- FROM pg_class
- WHERE (pg_class.oid = rs.rsecrelid)) AS tablename,
+pg_policies| SELECT n.nspname AS schemaname,
+ c.relname AS tablename,
+ rs.rsecpolname AS policyname,
CASE
WHEN (rs.rsecroles = '{0}'::oid[]) THEN (string_to_array('public'::text, ''::text))::name[]
ELSE ARRAY( SELECT pg_authid.rolname
END AS cmd,
pg_get_expr(rs.rsecqual, rs.rsecrelid) AS qual,
pg_get_expr(rs.rsecwithcheck, rs.rsecrelid) AS with_check
- FROM pg_rowsecurity rs
- ORDER BY rs.rsecpolname;
+ FROM ((pg_rowsecurity rs
+ JOIN pg_class c ON ((c.oid = rs.rsecrelid)))
+ LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace)));
pg_prepared_statements| SELECT p.name,
p.statement,
p.prepare_time,
projects / postgresql.git / commitdiff