Commit 0a85c102 authored by Joe Conway

Improve RLS documentation with respect to COPY

Documentation for pg_restore said COPY TO does not support row security
when in fact it should say COPY FROM. Fix that.

While at it, make it clear that "COPY FROM" does not allow RLS to be
enabled and INSERT should be used instead. Also that SELECT policies
will apply to COPY TO statements.

Back-patch to 9.5 where RLS first appeared.

Author: Joe Conway
Reviewed-By: Dean Rasheed and Robert Haas
Discussion: https://postgr.es/m/5744FA24.3030008%40joeconway.com
parent 2ac3ef7a
...@@ -424,6 +424,15 @@ COPY <replaceable class="parameter">count</replaceable> ...@@ -424,6 +424,15 @@ COPY <replaceable class="parameter">count</replaceable>
to have column privileges on the column(s) listed in the command. to have column privileges on the column(s) listed in the command.
</para> </para>
<para>
If row-level security is enabled for the table, the relevant
<command>SELECT</command> policies will apply to <literal>COPY
<replaceable class="parameter">table</> TO</literal> statements.
Currently, <command>COPY FROM</command> is not supported for tables
with row-level security. Use equivalent <command>INSERT</command>
statements instead.
</para>
<para> <para>
Files named in a <command>COPY</command> command are read or written Files named in a <command>COPY</command> command are read or written
directly by the server, not by the client application. Therefore, directly by the server, not by the client application. Therefore,
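Review bot: The added sentence "Currently, COPY FROM is not supported for tables with row-level security" does not say what happens when it is attempted or which roles are affected, so a reader cannot tell whether the command is rejected or whether it runs without the policies being checked. State the outcome explicitly, since the recommended INSERT workaround only makes sense once that is known. The paragraph also marks up COPY table TO with <literal> and COPY FROM with <command>; pick one so the two statement forms read the same way.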
......
...@@ -718,6 +718,11 @@ PostgreSQL documentation ...@@ -718,6 +718,11 @@ PostgreSQL documentation
to dump the parts of the contents of the table that they have access to. to dump the parts of the contents of the table that they have access to.
</para> </para>
<para>
Note that if you use this option currently, you probably also want
the dump be in <command>INSERT</command> format, as the
<command>COPY FROM</command> during restore does not support row security.
</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
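Review bot: "you probably also want the dump be in INSERT format" in the added paragraph is missing "to" ("want the dump to be"), and "if you use this option currently" reads as if "currently" qualifies the use of the option rather than the limitation. Suggested wording: "Note that if you use this option, you currently also want the dump to be in INSERT format, as COPY FROM during restore does not support row security."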
......
...@@ -543,7 +543,7 @@ ...@@ -543,7 +543,7 @@
<para> <para>
Note that this option currently also requires the dump be in <command>INSERT</command> Note that this option currently also requires the dump be in <command>INSERT</command>
format, as <command>COPY TO</command> does not support row security. format, as <command>COPY FROM</command> does not support row security.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
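Review bot: The corrected sentence still says the option "requires" INSERT format, while the paragraph added in the previous hunk says only "you probably also want" it, for the same stated reason (COPY FROM does not support row security). Align the two wordings, and if this is a hard requirement, say what happens on restore when the dump is in COPY format.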
......