diff options
author | Joe Conway <mail@joeconway.com> | 2016-12-22 17:56:50 -0800 |
---|---|---|
committer | Joe Conway <mail@joeconway.com> | 2016-12-22 17:56:50 -0800 |
commit | 0a85c102254b72ec7ce16bc504206a1a5c84bd76 (patch) | |
tree | c21832db2fe01005d3a45fed1872cac642021f0e | |
parent | 2ac3ef7a01df859c62d0a02333b646d65eaec5ff (diff) | |
download | postgresql-0a85c102254b72ec7ce16bc504206a1a5c84bd76.tar.gz postgresql-0a85c102254b72ec7ce16bc504206a1a5c84bd76.zip |
Improve RLS documentation with respect to COPY
Documentation for pg_restore said COPY TO does not support row security
when in fact it should say COPY FROM. Fix that.
While at it, make it clear that "COPY FROM" does not allow RLS to be
enabled and INSERT should be used instead. Also that SELECT policies
will apply to COPY TO statements.
Back-patch to 9.5 where RLS first appeared.
Author: Joe Conway
Reviewed-By: Dean Rasheed and Robert Haas
Discussion: https://postgr.es/m/5744FA24.3030008%40joeconway.com
-rw-r--r-- | doc/src/sgml/ref/copy.sgml | 9 | ||||
-rw-r--r-- | doc/src/sgml/ref/pg_dump.sgml | 5 | ||||
-rw-r--r-- | doc/src/sgml/ref/pg_restore.sgml | 2 |
3 files changed, 15 insertions, 1 deletions
diff --git a/doc/src/sgml/ref/copy.sgml b/doc/src/sgml/ref/copy.sgml index 2477a872e88..7ff62f2a821 100644 --- a/doc/src/sgml/ref/copy.sgml +++ b/doc/src/sgml/ref/copy.sgml @@ -425,6 +425,15 @@ COPY <replaceable class="parameter">count</replaceable> </para> <para> + If row-level security is enabled for the table, the relevant + <command>SELECT</command> policies will apply to <literal>COPY + <replaceable class="parameter">table</> TO</literal> statements. + Currently, <command>COPY FROM</command> is not supported for tables + with row-level security. Use equivalent <command>INSERT</command> + statements instead. + </para> + + <para> Files named in a <command>COPY</command> command are read or written directly by the server, not by the client application. Therefore, they must reside on or be accessible to the database server machine, diff --git a/doc/src/sgml/ref/pg_dump.sgml b/doc/src/sgml/ref/pg_dump.sgml index f6225d23c80..b70e7d57e95 100644 --- a/doc/src/sgml/ref/pg_dump.sgml +++ b/doc/src/sgml/ref/pg_dump.sgml @@ -718,6 +718,11 @@ PostgreSQL documentation to dump the parts of the contents of the table that they have access to. </para> + <para> + Note that if you use this option currently, you probably also want + the dump be in <command>INSERT</command> format, as the + <command>COPY FROM</command> during restore does not support row security. + </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/pg_restore.sgml b/doc/src/sgml/ref/pg_restore.sgml index bd5b4053145..44f05150661 100644 --- a/doc/src/sgml/ref/pg_restore.sgml +++ b/doc/src/sgml/ref/pg_restore.sgml @@ -543,7 +543,7 @@ <para> Note that this option currently also requires the dump be in <command>INSERT</command> - format, as <command>COPY TO</command> does not support row security. + format, as <command>COPY FROM</command> does not support row security. </para> </listitem> </varlistentry> |