On Mon, Nov 3, 2025 at 7:22 PM Dean Rasheed <dean.a.rasheed@gmail.com> wrote:
>
> Yeah, reading through the text on that page in more detail, there are
> a number of other omissions, or places that aren't quite fully
> correct, so I've gone through those and attempted to improve things.
>
> Also, I think it would be better if the table made the distinction
> between policy checks that just filter out rows, without throwing an
> error, and checks that do cause an error to be thrown.
>
> v4 attached.
>
some of the <literal> can be replaced by <command>, for example:
+ A <literal>MERGE</literal> command requires <literal>SELECT</literal>
+ permissions on both the source and target relations, and so each
currently the visual appearance is the same, I guess it's not a big deal.
(Table 300. Policies Applied by Command Type) is way more intuitive.
overall looks good to me.
