doc: Clarify RLS policies applied for ON CONFLICT DO NOTHING.

On the CREATE POLICY page, the description of per-command policies
stated that SELECT policies are applied when an INSERT has an ON
CONFLICT DO NOTHING clause. However, that is only the case if it
includes an arbiter clause, so clarify that.

While at it, also clarify the comment in the regression tests that
cover this.

Author: Dean Rasheed <dean.a.rasheed@gmail.com>
Reviewed-by: Viktor Holmberg <v@viktorh.net>
Discussion: https://postgr.es/m/CAEZATCXGwMQ+x00YY9XYG46T0kCajH=21QaYL9Xatz0dLKii+g@mail.gmail.com
Backpatch-through: 14

diff --git a/doc/src/sgml/ref/create_policy.sgml b/doc/src/sgml/ref/create_policy.sgml
index 42d43ad7bf4149ee36df85c3aa9f4ead03588018..9065ccb65f9008a8fbd9ff3a60ad832ced3e76c9 100644 (file)
--- a/doc/src/sgml/ref/create_policy.sgml
+++ b/doc/src/sgml/ref/create_policy.sgml
@@ -294,7 +294,9 @@ CREATE POLICY <replaceable class="parameter">name</replaceable> ON <replaceable
        </para>
        <para>
          If an <literal>INSERT</literal> has an <literal>ON CONFLICT DO
-         NOTHING/UPDATE</literal> clause, <literal>SELECT</literal>
+         UPDATE</literal> clause, or an <literal>ON CONFLICT DO
+         NOTHING</literal> clause with an arbiter index or constraint
+         specification, then <literal>SELECT</literal>
          permissions are required on the relation, and the rows proposed for
          insertion are checked using the relation's <literal>SELECT</literal>
          policies.  If a row proposed for insertion does not satisfy the
@@ -540,7 +542,11 @@ CREATE POLICY <replaceable class="parameter">name</replaceable> ON <replaceable
       <row>
        <entry><command>INSERT ... ON CONFLICT</command></entry>
        <entry>
-        Check new row&nbsp;<footnote id="rls-on-conflict-priv">
+        Check new row&nbsp;<footnote>
+         <para>
+          If an arbiter index or constraint is specified.
+         </para>
+        </footnote><footnote id="rls-on-conflict-priv">
          <para>
           Row proposed for insertion is checked regardless of whether or not a
           conflict occurs.

diff --git a/src/test/regress/expected/rowsecurity.out b/src/test/regress/expected/rowsecurity.out
index c958ef4d70a11e677a8735865a3a561b415b868f..e17f9188dfa9c31b854d9c4ba83bb7d2a3531ebf 100644 (file)
--- a/src/test/regress/expected/rowsecurity.out
+++ b/src/test/regress/expected/rowsecurity.out
@@ -170,8 +170,9 @@ NOTICE:  SELECT USING on rls_test_tgt.(1,"tgt d","TGT D")
  1 | tgt d | TGT D
 (1 row)
 
--- INSERT ... ON CONFLICT DO NOTHING should apply INSERT CHECK and SELECT USING
--- policy clauses (to new value, whether it conflicts or not)
+-- INSERT ... ON CONFLICT DO NOTHING with an arbiter clause should apply
+-- INSERT CHECK and SELECT USING policy clauses (to new value, whether it
+-- conflicts or not)
 INSERT INTO rls_test_tgt VALUES (1, 'tgt a') ON CONFLICT (a) DO NOTHING;
 NOTICE:  INSERT CHECK on rls_test_tgt.(1,"tgt a","TGT A")
 NOTICE:  SELECT USING on rls_test_tgt.(1,"tgt a","TGT A")

diff --git a/src/test/regress/sql/rowsecurity.sql b/src/test/regress/sql/rowsecurity.sql
index 5d923c5ca3bcb2da7999f018de954a09e341115a..fb6502d497f515ac19d60dd58baa46c4193a1e9b 100644 (file)
--- a/src/test/regress/sql/rowsecurity.sql
+++ b/src/test/regress/sql/rowsecurity.sql
@@ -121,8 +121,9 @@ BEGIN; DELETE FROM rls_test_tgt; ROLLBACK;
 BEGIN; DELETE FROM rls_test_tgt WHERE a = 1; ROLLBACK;
 DELETE FROM rls_test_tgt RETURNING *;
 
--- INSERT ... ON CONFLICT DO NOTHING should apply INSERT CHECK and SELECT USING
--- policy clauses (to new value, whether it conflicts or not)
+-- INSERT ... ON CONFLICT DO NOTHING with an arbiter clause should apply
+-- INSERT CHECK and SELECT USING policy clauses (to new value, whether it
+-- conflicts or not)
 INSERT INTO rls_test_tgt VALUES (1, 'tgt a') ON CONFLICT (a) DO NOTHING;
 INSERT INTO rls_test_tgt VALUES (1, 'tgt b') ON CONFLICT (a) DO NOTHING;