Олег Самойлов <splarv@xxxxx> writes:
> PostgreSQL 10 (in 11 the same)
> https://www.postgresql.org/docs/10/static/ddl-rowsecurity.html
> cite
> To use a different policy for rows that are being added to the table
> compared to those rows that are visible, the WITH CHECK clause can be used.
> This policy would allow all users to view all rows in the users table, but
> only modify their own:
> CREATE POLICY user_policy ON users
>     USING (true)
>     WITH CHECK (user_name = current_user);
> end cite
> This is a wrong description. Everyone can steal other rows with such
> a policy.

Yup, you're right, this is too simple.

> The right statement to not allow modify rows by other user will be
> CREATE POLICY user_policy ON users
>     USING (user_name = current_user)
>     WITH CHECK (user_name = current_user);

Well, that also hides the other users' rows, which is not what the
example claims to do. To make it work as documented, we need
something like

    CREATE POLICY user_sel_policy ON users FOR SELECT
        USING (true);
    CREATE POLICY user_mod_policy ON users
        USING (user_name = current_user);

I've pushed a patch along that line. Thanks for the report!

            regards, tom lane
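
The two policy sets discussed in this thread, run side by side as an added example (not part of the original messages and not PostgreSQL project code). The roles alice and bob, the real_name column and the sample rows are assumptions made for the demonstration.

```sql
-- Added example. Roles alice/bob, the real_name column and the rows are
-- constructed. Run as a superuser on a scratch cluster where these role
-- names are unused; the final ROLLBACK leaves nothing behind.
BEGIN;
CREATE ROLE alice;
CREATE ROLE bob;
CREATE TABLE users (user_name text, real_name text);
INSERT INTO users VALUES ('alice', 'Alice A.'), ('bob', 'Bob B.');
GRANT SELECT, INSERT, UPDATE, DELETE ON users TO alice, bob;
ALTER TABLE users ENABLE ROW LEVEL SECURITY;

-- 1. The policy as quoted from the documentation.
CREATE POLICY user_policy ON users
    USING (true)
    WITH CHECK (user_name = current_user);

SAVEPOINT weak;
SET LOCAL ROLE bob;
-- USING (true) lets bob target alice's row; WITH CHECK only inspects the
-- new row, which now carries bob's name, so the update is accepted.
UPDATE users SET user_name = 'bob' WHERE user_name = 'alice';
SELECT user_name, real_name FROM users ORDER BY real_name;
-- Undo the change and the role switch.
ROLLBACK TO SAVEPOINT weak;

-- 2. The split policies from the reply.
DROP POLICY user_policy ON users;
CREATE POLICY user_sel_policy ON users FOR SELECT
    USING (true);
CREATE POLICY user_mod_policy ON users
    USING (user_name = current_user);

SET LOCAL ROLE bob;
-- Both rows are still readable ...
SELECT user_name, real_name FROM users ORDER BY user_name;
-- ... but alice's row matches no policy that applies to UPDATE or DELETE,
-- so these statements affect zero rows.
UPDATE users SET user_name = 'bob' WHERE user_name = 'alice';
DELETE FROM users WHERE user_name = 'alice';
-- bob can still change his own row.
UPDATE users SET real_name = 'Robert B.' WHERE user_name = 'bob';
SELECT user_name, real_name FROM users ORDER BY user_name;

RESET ROLE;
ROLLBACK;
```

Because user_mod_policy has no WITH CHECK clause, its USING expression is also applied to new rows, so bob cannot rename his own row to another user's name either.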