aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoe Conway <mail@joeconway.com>2016-12-22 17:56:50 -0800
committerJoe Conway <mail@joeconway.com>2016-12-22 17:56:50 -0800
commit0a85c102254b72ec7ce16bc504206a1a5c84bd76 (patch)
treec21832db2fe01005d3a45fed1872cac642021f0e
parent2ac3ef7a01df859c62d0a02333b646d65eaec5ff (diff)
downloadpostgresql-0a85c102254b72ec7ce16bc504206a1a5c84bd76.tar.gz
postgresql-0a85c102254b72ec7ce16bc504206a1a5c84bd76.zip
Improve RLS documentation with respect to COPY
Documentation for pg_restore said COPY TO does not support row security when in fact it should say COPY FROM. Fix that. While at it, make it clear that "COPY FROM" does not allow RLS to be enabled and INSERT should be used instead. Also that SELECT policies will apply to COPY TO statements. Back-patch to 9.5 where RLS first appeared. Author: Joe Conway Reviewed-By: Dean Rasheed and Robert Haas Discussion: https://postgr.es/m/5744FA24.3030008%40joeconway.com
-rw-r--r--doc/src/sgml/ref/copy.sgml9
-rw-r--r--doc/src/sgml/ref/pg_dump.sgml5
-rw-r--r--doc/src/sgml/ref/pg_restore.sgml2
3 files changed, 15 insertions, 1 deletions
diff --git a/doc/src/sgml/ref/copy.sgml b/doc/src/sgml/ref/copy.sgml
index 2477a872e88..7ff62f2a821 100644
--- a/doc/src/sgml/ref/copy.sgml
+++ b/doc/src/sgml/ref/copy.sgml
@@ -425,6 +425,15 @@ COPY <replaceable class="parameter">count</replaceable>
</para>
<para>
+ If row-level security is enabled for the table, the relevant
+ <command>SELECT</command> policies will apply to <literal>COPY
+ <replaceable class="parameter">table</> TO</literal> statements.
+ Currently, <command>COPY FROM</command> is not supported for tables
+ with row-level security. Use equivalent <command>INSERT</command>
+ statements instead.
+ </para>
+
+ <para>
Files named in a <command>COPY</command> command are read or written
directly by the server, not by the client application. Therefore,
they must reside on or be accessible to the database server machine,
diff --git a/doc/src/sgml/ref/pg_dump.sgml b/doc/src/sgml/ref/pg_dump.sgml
index f6225d23c80..b70e7d57e95 100644
--- a/doc/src/sgml/ref/pg_dump.sgml
+++ b/doc/src/sgml/ref/pg_dump.sgml
@@ -718,6 +718,11 @@ PostgreSQL documentation
to dump the parts of the contents of the table that they have access to.
</para>
+ <para>
+ Note that if you use this option currently, you probably also want
+ the dump be in <command>INSERT</command> format, as the
+ <command>COPY FROM</command> during restore does not support row security.
+ </para>
</listitem>
</varlistentry>
diff --git a/doc/src/sgml/ref/pg_restore.sgml b/doc/src/sgml/ref/pg_restore.sgml
index bd5b4053145..44f05150661 100644
--- a/doc/src/sgml/ref/pg_restore.sgml
+++ b/doc/src/sgml/ref/pg_restore.sgml
@@ -543,7 +543,7 @@
<para>
Note that this option currently also requires the dump be in <command>INSERT</command>
- format, as <command>COPY TO</command> does not support row security.
+ format, as <command>COPY FROM</command> does not support row security.
</para>
</listitem>
</varlistentry>