RLS comment fixes.

The comments in get_policies_for_relation() say that CREATE POLICY
does not support defining restrictive policies. This is no longer
true, starting from PG10.

diff --git a/src/backend/rewrite/rowsecurity.c b/src/backend/rewrite/rowsecurity.c
index a0cd6b1075d15eb9ca9924aac675e8777661c26d..5bd33f7ba41e3db158bc72b7223f24ed973c4e53 100644 (file)
--- a/src/backend/rewrite/rowsecurity.c
+++ b/src/backend/rewrite/rowsecurity.c
@@ -408,11 +408,7 @@ get_policies_for_relation(Relation relation, CmdType cmd, Oid user_id,
    *permissive_policies = NIL;
    *restrictive_policies = NIL;
 
-   /*
-    * First find all internal policies for the relation.  CREATE POLICY does
-    * not currently support defining restrictive policies, so for now all
-    * internal policies are permissive.
-    */
+   /* First find all internal policies for the relation. */
    foreach(item, relation->rd_rsdesc->policies)
    {
        bool        cmd_matches = false;
@@ -450,7 +446,7 @@ get_policies_for_relation(Relation relation, CmdType cmd, Oid user_id,
        }
 
        /*
-        * Add this policy to the list of permissive policies if it applies to
+        * Add this policy to the relevant list of policies if it applies to
         * the specified role.
         */
        if (cmd_matches && check_role_for_policy(policy->roles, user_id))