git.postgresql.org Git - users/andresfreund/postgres.git/commit

author	Peter Geoghegan <pg@heroku.com>
	Wed, 7 Jan 2015 00:32:21 +0000 (16:32 -0800)
committer	Peter Geoghegan <peter.geoghegan86@gmail.com>
	Mon, 27 Apr 2015 00:58:27 +0000 (17:58 -0700)
commit	0bed7a33e1a3911c03eb259fee16c66b5efa6a6c
tree	1e4319dda9a7922e95e7b0cf173a958b5eaf6b80	tree
parent	2cc27182ff273e2e7bddf8b44de10e88cda776a2	commit \| diff

RLS support for ON CONFLICT UPDATE

This commit establishes that only insert policies are enforced on
post-insert tuples (as before), only update USING/security barrier quals
are enforced (as WCOs, with errors thrown) on existing TARGET.* tuples
(before ON CONFLICT UPDATE), and post-update tuple only has WCO
enforcement (without USING/security barrier qual enforcement).

In general, the implementation treats RLS with INSERT ... ON CONFLICT
UPDATE as close to regular INSERT/UPDATE behavior as possible.  The
consistent enforcement of USING/security barrier qualifications as WCOs
is the only real deviation.

Note to committer to authoritative master branch:  This commit is
intended to be squashed into the main ON CONFLICT UPDATE commit.  It has
only been split out for easier review by subject matter experts.

doc/src/sgml/ref/create_policy.sgml		diff \| blob \| blame \| history
src/backend/executor/execMain.c		diff \| blob \| blame \| history
src/backend/executor/nodeModifyTable.c		diff \| blob \| blame \| history
src/backend/rewrite/rowsecurity.c		diff \| blob \| blame \| history
src/include/nodes/parsenodes.h		diff \| blob \| blame \| history
src/test/regress/expected/rowsecurity.out		diff \| blob \| blame \| history
src/test/regress/sql/rowsecurity.sql		diff \| blob \| blame \| history