rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve markup for row_security. 

Wrap the literals on, off, force, and BYPASSRLS with appropriate
markup. Per Kevin Grittner.
This commit is contained in:
Joe Conway 2015-07-25 17:46:04 -07:00
parent d9476b8380
commit cf80ddee57
1 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
doc/src/sgml/config.sgml
View File

@ -5568,20 +5568,22 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv;
<para> <para>
This variable controls if row security policies are to be applied This variable controls if row security policies are to be applied
to queries which are run against tables that have row security enabled. to queries which are run against tables that have row security enabled.
The default is 'on'. When set to 'on', all users, except superusers The default is <literal>on</>. When set to <literal>on</>, all users,
and the owner of the table, will have the row policies for the table except superusers and the owner of the table, will have the row
applied to their queries. The table owner and superuser can request policies for the table applied to their queries. The table owner and
that row policies be applied to their queries by setting this to superuser can request that row policies be applied to their queries by
'force'. Lastly, this can also be set to 'off' which will bypass row setting this to <literal>force</>. Lastly, this can also be set to
policies for the table, if possible, and error if not. <literal>off</> which will bypass row policies for the table, if
possible, and error if not.
</para> </para>
<para> <para>
For a user who is not a superuser and not the table owner to bypass For a user who is not a superuser and not the table owner to bypass
row policies for the table, they must have the BYPASSRLS role attribute. row policies for the table, they must have the <literal>BYPASSRLS</>
If this is set to 'off' and the user queries a table which has row role attribute. If this is set to <literal>off</> and the user queries
policies enabled and the user does not have the right to bypass a table which has row policies enabled and the user does not have the
row policies then a permission denied error will be returned. right to bypass row policies then a permission denied error will be
returned.
</para> </para>
<para> <para>