Policies can be applied for specific commands or for specific roles. The
default for newly created policies is that they apply for all commands and
roles, unless otherwise specified. If multiple policies apply to a given
- query, they will be combined using OR.
+ query, they will be combined using OR. Further, for commands which can have
+ both USING and WITH CHECK policies (ALL and UPDATE), if no WITH CHECK policy
+ is defined then the USING policy will be used for both what rows are visible
+ (normal USING case) and which rows will be allowed to be added (WITH CHECK
+ case).
</para>
<para>
(using the WITH CHECK expression, if defined, and the USING expression
otherwise). If an INSERT or UPDATE command attempts to add rows to
the table which do not pass the <literal>ALL</literal> WITH CHECK
- (or USING, if no WITH CHECK expression is defined) expression, the
- command will error.
+ expression, the entire command will be aborted. Note that if only a
+ <literal>USING</literal> clause is specified then that clause will be
+ used for both <literal>USING</literal> and
+ <literal>WITH CHECK</literal> cases.
</para>
</listitem>
</varlistentry>
relation (similar to the <literal>INSERT</literal> policy).
Any rows whose resulting values do not pass the
<literal>WITH CHECK</literal> expression will cause an ERROR and the
- entire command will be aborted.
+ entire command will be aborted. Note that if only a
+ <literal>USING</literal> clause is specified then that clause will be
+ used for both <literal>USING</literal> and
+ <literal>WITH CHECK</literal> cases.
</para>
</listitem>
</varlistentry>
projects / postgresql.git / commitdiff