Add support for restrictive RLS policies

We have had support for restrictive RLS policies since 9.5, but they were only available through extensions which use the appropriate hooks. This adds support into the grammer, catalog, psql and pg_dump for restrictive RLS policies, thus reducing the cases where an extension is necessary. In passing, also move away from using "AND"d and "OR"d in comments. As pointed out by Alvaro, it's not really appropriate to attempt to make verbs out of "AND" and "OR", so reword those comments which attempted to. Reviewed By: Jeevan Chalke, Dean Rasheed Discussion: https://postgr.es/m/20160901063404.GY4028@tamriel.snowman.net
author: Stephen Frost 2016-12-05 20:50:55 +0000
committer: Stephen Frost 2016-12-05 20:50:55 +0000
commit: 093129c9d9fc231649b3cc27b8086443ccbbbc22 (patch)
tree: 5e41352a48f7a33a68687623da2fb48dce9b9174 /src/include/rewrite
parent: 2bbdc6875d03bb826a4fd113eac45a72c68bc929 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/include/rewrite/rowsecurity.h b/src/include/rewrite/rowsecurity.h
index fd0cbaff596..2f3db8cf415 100644
--- a/src/include/rewrite/rowsecurity.h
+++ b/src/include/rewrite/rowsecurity.h
@@ -22,6 +22,7 @@ typedef struct RowSecurityPolicy
 	char	   *policy_name;	/* Name of the policy */
 	char		polcmd;			/* Type of command policy is for */
 	ArrayType  *roles;			/* Array of roles policy is for */
+	bool		permissive;		/* restrictive or permissive policy */
 	Expr	   *qual;			/* Expression to filter rows */
 	Expr	   *with_check_qual;	/* Expression to limit rows allowed */
 	bool		hassublinks;	/* If either expression has sublinks */
author	Stephen Frost	2016-12-05 20:50:55 +0000
committer	Stephen Frost	2016-12-05 20:50:55 +0000
commit	093129c9d9fc231649b3cc27b8086443ccbbbc22 (patch)
tree	5e41352a48f7a33a68687623da2fb48dce9b9174 /src/include/rewrite
parent	2bbdc6875d03bb826a4fd113eac45a72c68bc929 (diff)