mirror of
https://github.com/postgres/postgres.git
synced 2025-12-19 17:02:53 +03:00
ff27fcfa0a
Andres pointed out that there was an extra ';' in equalPolicies, which made me realize that my prior testing with CLOBBER_CACHE_ALWAYS was insufficient (it didn't always catch the issue, just most of the time). Thanks to that, a different issue was discovered, specifically in equalRSDescs. This change corrects eqaulRSDescs to return 'true' once all policies have been confirmed logically identical. After stepping through both functions to ensure correct behavior, I ran this for about 12 hours of CLOBBER_CACHE_ALWAYS runs of the regression tests with no failures. In addition, correct a few typos in the documentation which were pointed out by Thom Brown (thanks!) and improve the policy documentation further by adding a flushed out usage example based on a unix passwd file. Lastly, clean up a few comments in the regression tests and pg_dump.h.
136 lines
3.8 KiB
Plaintext
136 lines
3.8 KiB
Plaintext
<!--
|
|
doc/src/sgml/ref/alter_policy.sgml
|
|
PostgreSQL documentation
|
|
-->
|
|
|
|
<refentry id="SQL-ALTERPOLICY">
|
|
<indexterm zone="sql-alterpolicy">
|
|
<primary>ALTER POLICY</primary>
|
|
</indexterm>
|
|
|
|
<refmeta>
|
|
<refentrytitle>ALTER POLICY</refentrytitle>
|
|
<manvolnum>7</manvolnum>
|
|
<refmiscinfo>SQL - Language Statements</refmiscinfo>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>ALTER POLICY</refname>
|
|
<refpurpose>change the definition of a row-security policy</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<synopsis>
|
|
ALTER POLICY <replaceable class="parameter">name</replaceable> ON <replaceable class="parameter">table_name</replaceable>
|
|
[ RENAME TO <replaceable class="PARAMETER">new_name</replaceable> ]
|
|
[ TO { <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...] ]
|
|
[ USING ( <replaceable class="parameter">expression</replaceable> ) ]
|
|
[ WITH CHECK ( <replaceable class="parameter">check_expression</replaceable> ) ]
|
|
</synopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para>
|
|
<command>ALTER POLICY</command> changes the <replaceable class="parameter">
|
|
definition</replaceable> of an existing row-security policy.
|
|
</para>
|
|
|
|
<para>
|
|
To use <command>ALTER POLICY</command>, you must own the table that
|
|
the policy applies to.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Parameters</title>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><replaceable class="parameter">name</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
The name of an existing policy to alter.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><replaceable class="parameter">table_name</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
The name (optionally schema-qualified) of the table that the
|
|
policy is on.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><replaceable class="parameter">new_name</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
The new name for the policy.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><replaceable class="parameter">role_name</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
The role to which the policy applies. Multiple roles can be specified at one time.
|
|
To apply the policy to all roles, use <literal>PUBLIC</literal>, which is also
|
|
the default.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><replaceable class="parameter">expression</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
The USING expression for the policy. This expression will be added as a
|
|
security-barrier qualification to queries which use the table
|
|
automatically. If multiple policies are being applied for a given
|
|
table then they are all combined and added using OR. The USING
|
|
expression applies to records which are being retrieved from the table.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><replaceable class="parameter">check_expression</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
The with-check expression for the policy. This expression will be
|
|
added as a WITH CHECK OPTION qualification to queries which use the
|
|
table automatically. If multiple policies are being applied for a
|
|
given table then they are all combined and added using OR. The WITH
|
|
CHECK expression applies to records which are being added to the table.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Compatibility</title>
|
|
|
|
<para>
|
|
<command>ALTER POLICY</command> is a <productname>PostgreSQL</productname> extension.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
|
|
<simplelist type="inline">
|
|
<member><xref linkend="sql-createpolicy"></member>
|
|
<member><xref linkend="sql-droppolicy"></member>
|
|
</simplelist>
|
|
</refsect1>
|
|
|
|
</refentry>
|