diff options
| author | Stephen Frost <sfrost@snowman.net> | 2015-10-04 21:05:18 -0400 |
|---|---|---|
| committer | Stephen Frost <sfrost@snowman.net> | 2015-10-04 21:05:18 -0400 |
| commit | 90f334d2ca1a8bae2d0cd8a0898fb8ef90257565 (patch) | |
| tree | 2619e5544fbeb3ae65c462a3a9dd3f1a97d8ca11 /doc/src/sgml/ref | |
| parent | e78dc6b829219cacaccc59957b5375585e919099 (diff) | |
ALTER TABLE .. FORCE ROW LEVEL SECURITY
To allow users to force RLS to always be applied, even for table owners,
add ALTER TABLE .. FORCE ROW LEVEL SECURITY.
row_security=off overrides FORCE ROW LEVEL SECURITY, to ensure pg_dump
output is complete (by default).
Also add SECURITY_NOFORCE_RLS context to avoid data corruption when
ALTER TABLE .. FORCE ROW SECURITY is being used. The
SECURITY_NOFORCE_RLS security context is used only during referential
integrity checks and is only considered in check_enable_rls() after we
have already checked that the current user is the owner of the relation
(which should always be the case during referential integrity checks).
Back-patch to 9.5 where RLS was added.
Diffstat (limited to 'doc/src/sgml/ref')
| -rw-r--r-- | doc/src/sgml/ref/alter_table.sgml | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/src/sgml/ref/alter_table.sgml b/doc/src/sgml/ref/alter_table.sgml index 776401fc205..9fea2702bac 100644 --- a/doc/src/sgml/ref/alter_table.sgml +++ b/doc/src/sgml/ref/alter_table.sgml @@ -61,6 +61,8 @@ ALTER TABLE ALL IN TABLESPACE <replaceable class="PARAMETER">name</replaceable> ENABLE ALWAYS RULE <replaceable class="PARAMETER">rewrite_rule_name</replaceable> DISABLE ROW LEVEL SECURITY ENABLE ROW LEVEL SECURITY + FORCE ROW LEVEL SECURITY + NO FORCE ROW LEVEL SECURITY CLUSTER ON <replaceable class="PARAMETER">index_name</replaceable> SET WITHOUT CLUSTER SET WITH OIDS @@ -432,6 +434,21 @@ ALTER TABLE ALL IN TABLESPACE <replaceable class="PARAMETER">name</replaceable> </varlistentry> <varlistentry> + <term><literal>NO FORCE</literal>/<literal>FORCE ROW LEVEL SECURITY</literal></term> + <listitem> + <para> + These forms control the application of row security policies belonging + to the table when the user is the table owner. If enabled, row level + security policies will be applied when the user is the table owner. If + disabled (the default) then row level security will not be applied when + the user is the table owner. + See also + <xref linkend="SQL-CREATEPOLICY">. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term><literal>CLUSTER ON</literal></term> <listitem> <para> |