This table summarizes which RLS policy expressions apply to each
command type, and whether they apply to the old or new tuples (or
both), which saves reading through a lot of text.
Rod Taylor, hacked on by me. Reviewed by Fabien Coelho.
Discussion: https://postgr.es/m/CAHz80e4HxJShm6m9ZWFrHW=pgd2KP=RZmfFnEccujtPMiAOW5Q@mail.gmail.com
Policies can be applied for specific commands or for specific roles. The
default for newly created policies is that they apply for all commands and
- roles, unless otherwise specified.
+ roles, unless otherwise specified. Multiple policies may apply to a single
+ command; see below for more details.
+ summarizes how the different types
+ of policy apply to specific commands.
+
+
Policies Applied by Command Type
+
+
+
+
+
+ |
+ Command
+ SELECT/ALL policy
+ INSERT/ALL policy
+ UPDATE/ALL policy
+ DELETE/ALL policy
+
+ |
+ USING expression
+ WITH CHECK expression
+ USING expression
+ WITH CHECK expression
+ USING expression
+
+
+
+ |
+ SELECT
+ Existing row
+ —
+ —
+ —
+ —
+
+ |
+ SELECT FOR UPDATE/SHARE
+ Existing row
+ —
+ Existing row
+ —
+ —
+
+ |
+ INSERT
+ —
+ New row
+ —
+ —
+ —
+
+ |
+ INSERT ... RETURNING
+
+ New row
+
+ If read access is required to the existing or new row (for example,
+ a WHERE or RETURNING clause
+ that refers to columns from the relation).
+
+
+
+ New row
+ —
+ —
+ —
+
+ |
+ UPDATE
+
+ Existing & new rows
+
+
+ —
+ Existing row
+ New row
+ —
+
+ |
+ DELETE
+
+ Existing row
+
+
+ —
+ —
+ —
+ Existing row
+
+ |
+ ON CONFLICT DO UPDATE
+ Existing & new rows
+ —
+ Existing row
+ New row
+ —
+
+
+
+
+
projects / postgresql.git / commitdiff