diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index 1345791e963..492ed348b3a 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -1556,7 +1556,7 @@ rolbypassrls bool - Role bypasses every row level security policy, see + Role bypasses every row-level security policy, see for more information. @@ -2130,7 +2130,7 @@ SCRAM-SHA-256$<iteration count>:&l relrowsecurity bool - True if table has row level security enabled; see + True if table has row-level security enabled; see pg_policy catalog @@ -2140,7 +2140,7 @@ SCRAM-SHA-256$<iteration count>:&l relforcerowsecurity bool - True if row level security (when enabled) will also apply to table owner; see + True if row-level security (when enabled) will also apply to table owner; see pg_policy catalog @@ -5531,7 +5531,7 @@ SCRAM-SHA-256$<iteration count>:&l - The catalog pg_policy stores row level + The catalog pg_policy stores row-level security policies for tables. A policy includes the kind of command that it applies to (possibly all commands), the roles that it applies to, the expression to be added as a security-barrier @@ -11765,7 +11765,7 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx rolbypassrls bool - Role bypasses every row level security policy, see + Role bypasses every row-level security policy, see for more information. @@ -12554,7 +12554,7 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx usebypassrls bool - User bypasses every row level security policy, see + User bypasses every row-level security policy, see for more information. @@ -13667,7 +13667,7 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx usebypassrls bool - User bypasses every row level security policy, see + User bypasses every row-level security policy, see for more information. diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml index 30e41709634..7d587b226cb 100644 --- a/doc/src/sgml/ddl.sgml +++ b/doc/src/sgml/ddl.sgml @@ -2382,7 +2382,7 @@ INSERT INTO passwd VALUES INSERT INTO passwd VALUES ('alice','xxx',2,1,'Alice','098-765-4321',null,'/home/alice','/bin/zsh'); --- Be sure to enable row level security on the table +-- Be sure to enable row-level security on the table ALTER TABLE passwd ENABLE ROW LEVEL SECURITY; -- Create policies diff --git a/doc/src/sgml/ref/alter_policy.sgml b/doc/src/sgml/ref/alter_policy.sgml index 1c38324b599..fbc262ba20d 100644 --- a/doc/src/sgml/ref/alter_policy.sgml +++ b/doc/src/sgml/ref/alter_policy.sgml @@ -16,7 +16,7 @@ PostgreSQL documentation ALTER POLICY - change the definition of a row level security policy + change the definition of a row-level security policy diff --git a/doc/src/sgml/ref/alter_table.sgml b/doc/src/sgml/ref/alter_table.sgml index 07e37a6dc81..39927be41ed 100644 --- a/doc/src/sgml/ref/alter_table.sgml +++ b/doc/src/sgml/ref/alter_table.sgml @@ -611,7 +611,7 @@ WITH ( MODULUS numeric_literal, REM These forms control the application of row security policies belonging to the table. If enabled and no policies exist for the table, then a default-deny policy is applied. Note that policies can exist for a table - even if row level security is disabled. In this case, the policies will + even if row-level security is disabled. In this case, the policies will not be applied and the policies will be ignored. See also CREATE POLICY. @@ -624,9 +624,9 @@ WITH ( MODULUS numeric_literal, REM These forms control the application of row security policies belonging - to the table when the user is the table owner. If enabled, row level + to the table when the user is the table owner. If enabled, row-level security policies will be applied when the user is the table owner. If - disabled (the default) then row level security will not be applied when + disabled (the default) then row-level security will not be applied when the user is the table owner. See also CREATE POLICY. diff --git a/doc/src/sgml/ref/create_policy.sgml b/doc/src/sgml/ref/create_policy.sgml index b4f90561018..9f532068e64 100644 --- a/doc/src/sgml/ref/create_policy.sgml +++ b/doc/src/sgml/ref/create_policy.sgml @@ -16,7 +16,7 @@ PostgreSQL documentation CREATE POLICY - define a new row level security policy for a table + define a new row-level security policy for a table @@ -188,7 +188,7 @@ CREATE POLICY name ON SQL conditional expression (returning boolean). The conditional expression cannot contain any aggregate or window functions. This expression will be added - to queries that refer to the table if row level security is enabled. + to queries that refer to the table if row-level security is enabled. Rows for which the expression returns true will be visible. Any rows for which the expression returns false or null will not be visible to the user (in a SELECT), and will not be @@ -207,7 +207,7 @@ CREATE POLICY name ON boolean). The conditional expression cannot contain any aggregate or window functions. This expression will be used in INSERT and UPDATE queries against - the table if row level security is enabled. Only rows for which the + the table if row-level security is enabled. Only rows for which the expression evaluates to true will be allowed. An error will be thrown if the expression evaluates to false or null for any of the records inserted or any of the records that result from the update. Note that diff --git a/doc/src/sgml/ref/drop_policy.sgml b/doc/src/sgml/ref/drop_policy.sgml index 9297ade1133..d7d3771faea 100644 --- a/doc/src/sgml/ref/drop_policy.sgml +++ b/doc/src/sgml/ref/drop_policy.sgml @@ -16,7 +16,7 @@ PostgreSQL documentation DROP POLICY - remove a row level security policy from a table + remove a row-level security policy from a table @@ -31,9 +31,9 @@ DROP POLICY [ IF EXISTS ] name ON < DROP POLICY removes the specified policy from the table. Note that if the last policy is removed for a table and the table still has - row level security enabled via ALTER TABLE, then the + row-level security enabled via ALTER TABLE, then the default-deny policy will be used. ALTER TABLE ... DISABLE ROW - LEVEL SECURITY can be used to disable row level security for a + LEVEL SECURITY can be used to disable row-level security for a table, whether policies for the table exist or not. diff --git a/doc/src/sgml/rules.sgml b/doc/src/sgml/rules.sgml index 2ae6925b418..5024e4ff704 100644 --- a/doc/src/sgml/rules.sgml +++ b/doc/src/sgml/rules.sgml @@ -2123,7 +2123,7 @@ SELECT * FROM phone_number WHERE tricky(person, phone); - When it is necessary for a view to provide row level security, the + When it is necessary for a view to provide row-level security, the security_barrier attribute should be applied to the view. This prevents maliciously-chosen functions and operators from being passed values from rows until after the view has done its work. For diff --git a/src/backend/commands/copyto.c b/src/backend/commands/copyto.c index 7257a54e935..67bac9ccab6 100644 --- a/src/backend/commands/copyto.c +++ b/src/backend/commands/copyto.c @@ -512,7 +512,7 @@ BeginCopyTo(ParseState *pstate, CURSOR_OPT_PARALLEL_OK, NULL); /* - * With row level security and a user using "COPY relation TO", we + * With row-level security and a user using "COPY relation TO", we * have to convert the "COPY relation TO" to a query-based COPY (eg: * "COPY (SELECT * FROM relation) TO"), to allow the rewriter to add * in any RLS clauses. diff --git a/src/backend/commands/functioncmds.c b/src/backend/commands/functioncmds.c index e7cb5c65e9a..95482872174 100644 --- a/src/backend/commands/functioncmds.c +++ b/src/backend/commands/functioncmds.c @@ -1129,7 +1129,7 @@ CreateFunction(ParseState *pstate, CreateFunctionStmt *stmt) /* * Only superuser is allowed to create leakproof functions because * leakproof functions can see tuples which have not yet been filtered out - * by security barrier views or row level security policies. + * by security barrier views or row-level security policies. */ if (isLeakProof && !superuser()) ereport(ERROR, diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c index 8638bd3dd96..8d0f3de76ed 100644 --- a/src/backend/executor/execMain.c +++ b/src/backend/executor/execMain.c @@ -558,7 +558,7 @@ ExecutorRewind(QueryDesc *queryDesc) * Returns true if permissions are adequate. Otherwise, throws an appropriate * error if ereport_on_violation is true, or simply returns false otherwise. * - * Note that this does NOT address row level security policies (aka: RLS). If + * Note that this does NOT address row-level security policies (aka: RLS). If * rows will be returned to the user as a result of this permission check * passing, then RLS also needs to be consulted (and check_enable_rls()). * @@ -1947,7 +1947,7 @@ ExecConstraints(ResultRelInfo *resultRelInfo, * * Note that this needs to be called multiple times to ensure that all kinds of * WITH CHECK OPTIONs are handled (both those from views which have the WITH - * CHECK OPTION set and from row level security policies). See ExecInsert() + * CHECK OPTION set and from row-level security policies). See ExecInsert() * and ExecUpdate(). */ void diff --git a/src/backend/optimizer/path/allpaths.c b/src/backend/optimizer/path/allpaths.c index 30728be85af..353454b183e 100644 --- a/src/backend/optimizer/path/allpaths.c +++ b/src/backend/optimizer/path/allpaths.c @@ -2141,7 +2141,7 @@ set_subquery_pathlist(PlannerInfo *root, RelOptInfo *rel, /* * If the subquery has the "security_barrier" flag, it means the subquery - * originated from a view that must enforce row level security. Then we + * originated from a view that must enforce row-level security. Then we * must not push down quals that contain leaky functions. (Ideally this * would be checked inside subquery_is_pushdown_safe, but since we don't * currently pass the RTE to that function, we must do it here.) diff --git a/src/backend/rewrite/rewriteHandler.c b/src/backend/rewrite/rewriteHandler.c index da78f027751..497d30d8a93 100644 --- a/src/backend/rewrite/rewriteHandler.c +++ b/src/backend/rewrite/rewriteHandler.c @@ -2159,7 +2159,7 @@ fireRIRrules(Query *parsetree, List *activeRIRs) QTW_IGNORE_RC_SUBQUERIES); /* - * Apply any row level security policies. We do this last because it + * Apply any row-level security policies. We do this last because it * requires special recursion detection if the new quals have sublink * subqueries, and if we did it in the loop above query_tree_walker would * then recurse into those quals a second time. @@ -2249,7 +2249,7 @@ fireRIRrules(Query *parsetree, List *activeRIRs) } /* - * Make sure the query is marked correctly if row level security + * Make sure the query is marked correctly if row-level security * applies, or if the new quals had sublinks. */ if (hasRowSecurity) diff --git a/src/backend/rewrite/rowsecurity.c b/src/backend/rewrite/rowsecurity.c index fc26cb23a21..e10f94904e1 100644 --- a/src/backend/rewrite/rowsecurity.c +++ b/src/backend/rewrite/rowsecurity.c @@ -1,6 +1,6 @@ /* * rewrite/rowsecurity.c - * Routines to support policies for row level security (aka RLS). + * Routines to support policies for row-level security (aka RLS). * * Policies in PostgreSQL provide a mechanism to limit what records are * returned to a user and what records a user is permitted to add to a table. @@ -100,7 +100,7 @@ row_security_policy_hook_type row_security_policy_hook_restrictive = NULL; * Get any row security quals and WithCheckOption checks that should be * applied to the specified RTE. * - * In addition, hasRowSecurity is set to true if row level security is enabled + * In addition, hasRowSecurity is set to true if row-level security is enabled * (even if this RTE doesn't have any row security quals), and hasSubLinks is * set to true if any of the quals returned contain sublinks. */ diff --git a/src/include/catalog/pg_authid.h b/src/include/catalog/pg_authid.h index 1a5c7a73c7c..609bd7fcbcc 100644 --- a/src/include/catalog/pg_authid.h +++ b/src/include/catalog/pg_authid.h @@ -38,7 +38,7 @@ CATALOG(pg_authid,1260,AuthIdRelationId) BKI_SHARED_RELATION BKI_ROWTYPE_OID(284 bool rolcreatedb; /* allowed to create databases? */ bool rolcanlogin; /* allowed to log in as session user? */ bool rolreplication; /* role used for streaming replication */ - bool rolbypassrls; /* bypasses row level security? */ + bool rolbypassrls; /* bypasses row-level security? */ int32 rolconnlimit; /* max connections allowed (-1=no limit) */ /* remaining fields may be null; use heap_getattr to read them! */ diff --git a/src/test/regress/expected/rowsecurity.out b/src/test/regress/expected/rowsecurity.out index b02a6824711..367ecace472 100644 --- a/src/test/regress/expected/rowsecurity.out +++ b/src/test/regress/expected/rowsecurity.out @@ -3514,7 +3514,7 @@ CREATE POLICY p ON t USING (c % 2 = 1); ALTER TABLE t ENABLE ROW LEVEL SECURITY; SAVEPOINT q; CREATE RULE "_RETURN" AS ON SELECT TO t DO INSTEAD - SELECT * FROM generate_series(1,5) t0(c); -- fails due to row level security enabled + SELECT * FROM generate_series(1,5) t0(c); -- fails due to row-level security enabled ERROR: could not convert table "t" to a view because it has row security enabled ROLLBACK TO q; ALTER TABLE t DISABLE ROW LEVEL SECURITY; diff --git a/src/test/regress/sql/rowsecurity.sql b/src/test/regress/sql/rowsecurity.sql index d7a5a36cf86..281ae74b9ca 100644 --- a/src/test/regress/sql/rowsecurity.sql +++ b/src/test/regress/sql/rowsecurity.sql @@ -1445,7 +1445,7 @@ ALTER TABLE t ENABLE ROW LEVEL SECURITY; SAVEPOINT q; CREATE RULE "_RETURN" AS ON SELECT TO t DO INSTEAD - SELECT * FROM generate_series(1,5) t0(c); -- fails due to row level security enabled + SELECT * FROM generate_series(1,5) t0(c); -- fails due to row-level security enabled ROLLBACK TO q; ALTER TABLE t DISABLE ROW LEVEL SECURITY;