From 3d18d628b45c683857fb1ab40a6b66c75495fb13 Mon Sep 17 00:00:00 2001
From: Christian Butcher
Date: Mon, 3 Nov 2025 13:13:43 +0900
Subject: [PATCH 1/2] Correct combined access policy logic

Fix logic bug in access policy description.
---
 docs/0006_multiple_permissive_policies.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/0006_multiple_permissive_policies.md b/docs/0006_multiple_permissive_policies.md
index 0d12ff4..0b98025 100644
--- a/docs/0006_multiple_permissive_policies.md
+++ b/docs/0006_multiple_permissive_policies.md
@@ -54,7 +54,7 @@ create policy consolidated_access on employee_data for select using ( department = current_user_department()
- or grade_level >= current_user_grade_level()
+ and grade_level <= current_user_grade_level()
 );
 ```

From f7ba62c6e5bd2dcbf977bc6870782e296741654f Mon Sep 17 00:00:00 2001
From: Christian Butcher
Date: Mon, 3 Nov 2025 13:17:52 +0900
Subject: [PATCH 2/2] Fix typo

One-letter typo, added as I already have a PR open for this file.
---
 docs/0006_multiple_permissive_policies.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/0006_multiple_permissive_policies.md b/docs/0006_multiple_permissive_policies.md
index 0b98025..8bdf9b4 100644
--- a/docs/0006_multiple_permissive_policies.md
+++ b/docs/0006_multiple_permissive_policies.md
@@ -42,7 +42,7 @@ create policy grade_level_access on employee_data using (grade_level <= current_user_grade_level());
 ```
-The implementation contains a logic error. As written, every employee can see `employee_data` for every other employee within their departemnt. Similarly, every employee can see every other employee's data at or below their own grade level.
+The implementation contains a logic error. As written, every employee can see `employee_data` for every other employee within their department. Similarly, every employee can see every other employee's data at or below their own grade level.
 To address this issue, we can combine the two policies.