Skip to content

Commit 0a85c10

Browse files
jconwayjconway
committed
Improve RLS documentation with respect to COPY
Documentation for pg_restore said COPY TO does not support row security when in fact it should say COPY FROM. Fix that. While at it, make it clear that "COPY FROM" does not allow RLS to be enabled and INSERT should be used instead. Also that SELECT policies will apply to COPY TO statements. Back-patch to 9.5 where RLS first appeared. Author: Joe Conway Reviewed-By: Dean Rasheed and Robert Haas Discussion: https://postgr.es/m/5744FA24.3030008%40joeconway.com
1 parent 2ac3ef7 commit 0a85c10

File tree

3 files changed

+15
-1
lines changed

3 files changed

+15
-1
lines changed

doc/src/sgml/ref/copy.sgml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -424,6 +424,15 @@ COPY <replaceable class="parameter">count</replaceable>
424424
to have column privileges on the column(s) listed in the command.
425425
</para>
426426

427+
<para>
428+
If row-level security is enabled for the table, the relevant
429+
<command>SELECT</command> policies will apply to <literal>COPY
430+
<replaceable class="parameter">table</> TO</literal> statements.
431+
Currently, <command>COPY FROM</command> is not supported for tables
432+
with row-level security. Use equivalent <command>INSERT</command>
433+
statements instead.
434+
</para>
435+
427436
<para>
428437
Files named in a <command>COPY</command> command are read or written
429438
directly by the server, not by the client application. Therefore,

doc/src/sgml/ref/pg_dump.sgml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -718,6 +718,11 @@ PostgreSQL documentation
718718
to dump the parts of the contents of the table that they have access to.
719719
</para>
720720

721+
<para>
722+
Note that if you use this option currently, you probably also want
723+
the dump be in <command>INSERT</command> format, as the
724+
<command>COPY FROM</command> during restore does not support row security.
725+
</para>
721726
</listitem>
722727
</varlistentry>
723728

doc/src/sgml/ref/pg_restore.sgml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -543,7 +543,7 @@
543543

544544
<para>
545545
Note that this option currently also requires the dump be in <command>INSERT</command>
546-
format, as <command>COPY TO</command> does not support row security.
546+
format, as <command>COPY FROM</command> does not support row security.
547547
</para>
548548
</listitem>
549549
</varlistentry>

0 commit comments

Comments
 (0)