Dean Rasheed <dean.a.rasheed@gmail.com> writes:
> On Tue, 24 Oct 2023 at 09:36, Laurenz Albe <laurenz.albe@cybertec.at> wrote:
>> I'd say that this error is wrong. The FOR SELECT policy should be applied
>> to the WHERE condition, but certainly not to check new rows.
> Yes, I had the same thought recently. I would say that the SELECT
> policies should only be used to check new rows if the UPDATE has a
> RETURNING clause and SELECT permissions are required on the target
> relation.
> In other words, it should be OK to UPDATE a row to new values that are
> not visible according to the table's SELECT policies, provided that
> the UPDATE command does not attempt to return those new values. That
> would be consistent with what we do for INSERT.
> Note, that the current behaviour goes back a long way, though it's not
> quite clear whether this was intentional [1].
I'm fairly sure that it was intentional, but I don't recall the
reasoning; perhaps Stephen does. In any case, I grasp your point
that maybe we should distinguish RETURNING from not-RETURNING cases.
regards, tom lane