Rename pg_rowsecurity -> pg_policy and other fixes

As pointed out by Robert, we should really have named pg_rowsecurity pg_policy, as the objects stored in that catalog are policies. This patch fixes that and updates the column names to start with 'pol' to match the new catalog name. The security consideration for COPY with row level security, also pointed out by Robert, has also been addressed by remembering and re-checking the OID of the relation initially referenced during COPY processing, to make sure it hasn't changed under us by the time we finish planning out the query which has been built. Robert and Alvaro also commented on missing OCLASS and OBJECT entries for POLICY (formerly ROWSECURITY or POLICY, depending) in various places. This patch fixes that too, which also happens to add the ability to COMMENT on policies. In passing, attempt to improve the consistency of messages, comments, and documentation as well. This removes various incarnations of 'row-security', 'row-level security', 'Row-security', etc, in favor of 'policy', 'row level security' or 'row_security' as appropriate. Happy Thanksgiving!
2025-12-19 17:02:53 +03:00 · 2014-11-27 01:06:36 -05:00
parent 1812ee5767
commit 143b39c185
47 changed files with 616 additions and 545 deletions
--- a/doc/src/sgml/ref/alter_policy.sgml
+++ b/doc/src/sgml/ref/alter_policy.sgml
@@ -16,7 +16,7 @@ PostgreSQL documentation

 <refnamediv>
  <refname>ALTER POLICY</refname>
-  <refpurpose>change the definition of a row-security policy</refpurpose>
+  <refpurpose>change the definition of a policy</refpurpose>
 </refnamediv>

 <refsynopsisdiv>
@@ -34,7 +34,7 @@ ALTER POLICY <replaceable class="parameter">name</replaceable> ON <replaceable c

  <para>
   <command>ALTER POLICY</command> changes the <replaceable class="parameter">
-   definition</replaceable> of an existing row-security policy.
+   definition</replaceable> of an existing policy.
  </para>

  <para>
--- a/doc/src/sgml/ref/create_policy.sgml
+++ b/doc/src/sgml/ref/create_policy.sgml
@@ -16,7 +16,7 @@ PostgreSQL documentation

 <refnamediv>
  <refname>CREATE POLICY</refname>
-  <refpurpose>define a new row-security policy for a table</refpurpose>
+  <refpurpose>define a new policy for a table</refpurpose>
 </refnamediv>

 <refsynopsisdiv>
@@ -33,14 +33,13 @@ CREATE POLICY <replaceable class="parameter">name</replaceable> ON <replaceable
  <title>Description</title>

  <para>
-   The <command>CREATE POLICY</command> command defines a new row-security
-   policy for a table.  Note that row-security must also be enabled on the
-   table using <command>ALTER TABLE</command> in order for created policies
-   to be applied.
+   The <command>CREATE POLICY</command> command defines a new policy for a
+   table.  Note that row level security must also be enabled on the table using
+   <command>ALTER TABLE</command> in order for created policies to be applied.
  </para>

  <para>
-   A row-security policy is an expression which is added to the security-barrier
+   A policy is an expression which is added to the security-barrier
   qualifications of queries which are run against the table the policy is on,
   or an expression which is added to the with-check options for a table and
   which is applied to rows which would be added to the table.
@@ -49,7 +48,7 @@ CREATE POLICY <replaceable class="parameter">name</replaceable> ON <replaceable
   expression will be evaluated against the rows which are going to be added to
   the table.  By adding policies to a table, a user can limit the rows which a
   given user can select, insert, update, or delete.  This capability is also
-   known as Row-Level Security or RLS.
+   known as Row Level Security or RLS.
  </para>

  <para>
@@ -66,22 +65,22 @@ CREATE POLICY <replaceable class="parameter">name</replaceable> ON <replaceable
  </para>

  <para>
-   Note that while row-security policies will be applied for explicit queries
-   against tables in the system, they are not applied when the system is
-   performing internal referential integrity checks or validating constraints.
-   This means there are indirect ways to determine that a given value exists.
-   An example of this is attempting to insert a duplicate value
-   into a column which is the primary key or has a unique constraint.  If the
-   insert fails then the user can infer that the value already exists (this
-   example assumes that the user is permitted by policy to insert
-   records which they are not allowed to see).  Another example is where a user
-   is allowed to insert into a table which references another, otherwise hidden
-   table.  Existence can be determined by the user inserting values into the
-   referencing table, where success would indicate that the value exists in the
-   referenced table.  These issues can be addressed by carefully crafting
-   policies which prevent users from being able to insert, delete, or update
-   records at all which might possibly indicate a value they are not otherwise
-   able to see, or by using generated values (e.g.: surrogate keys) instead.
+   Note that while policies will be applied for explicit queries against tables
+   in the system, they are not applied when the system is performing internal
+   referential integrity checks or validating constraints.  This means there are
+   indirect ways to determine that a given value exists.  An example of this is
+   attempting to insert a duplicate value into a column which is the primary key
+   or has a unique constraint.  If the insert fails then the user can infer that
+   the value already exists (this example assumes that the user is permitted by
+   policy to insert records which they are not allowed to see).  Another example
+   is where a user is allowed to insert into a table which references another,
+   otherwise hidden table.  Existence can be determined by the user inserting
+   values into the referencing table, where success would indicate that the
+   value exists in the referenced table.  These issues can be addressed by
+   carefully crafting policies which prevent users from being able to insert,
+   delete, or update records at all which might possibly indicate a value they
+   are not otherwise able to see, or by using generated values (e.g.: surrogate
+   keys) instead.
  </para>

  <para>
@@ -291,8 +290,8 @@ CREATE POLICY <replaceable class="parameter">name</replaceable> ON <replaceable

  <para>
   In order to maintain <firstterm>referential integrity</firstterm> between
-   two related tables, row-security policies are not applied when the system
-   performs checks on foreign key constraints.
+   two related tables, policies are not applied when the system performs
+   checks on foreign key constraints.
  </para>

 </refsect1>
--- a/doc/src/sgml/ref/drop_policy.sgml
+++ b/doc/src/sgml/ref/drop_policy.sgml
@@ -16,7 +16,7 @@ PostgreSQL documentation

 <refnamediv>
  <refname>DROP POLICY</refname>
-  <refpurpose>remove a row-security policy from a table</refpurpose>
+  <refpurpose>remove a policy from a table</refpurpose>
 </refnamediv>

 <refsynopsisdiv>
@@ -29,11 +29,11 @@ DROP POLICY [ IF EXISTS ] <replaceable class="parameter">name</replaceable> ON <
  <title>Description</title>

  <para>
-   <command>DROP POLICY</command> removes the specified row-security policy
-   from the table.  Note that if the last policy is removed for a table and
-   the table still has ROW POLICY enabled via <command>ALTER TABLE</command>,
-   then the default-deny policy will be used.  <command>ALTER TABLE</command>
-   can be used to disable row security for a table using
+   <command>DROP POLICY</command> removes the specified policy from the table.
+   Note that if the last policy is removed for a table and the table still has
+   row level security enabled via <command>ALTER TABLE</command>, then the
+   default-deny policy will be used.  <command>ALTER TABLE</command> can be used
+   to disable row level security for a table using
   <literal>DISABLE ROW SECURITY</literal>, whether policies for the table
   exist or not.
  </para>
@@ -80,8 +80,8 @@ DROP POLICY [ IF EXISTS ] <replaceable class="parameter">name</replaceable> ON <
  <title>Examples</title>

  <para>
-   To drop the row-security policy called <literal>p1</literal> on the
-   table named <literal>my_table</literal>:
+   To drop the policy called <literal>p1</literal> on the table named
+   <literal>my_table</literal>:

   <programlisting>
    DROP POLICY p1 ON my_table;