Rename pg_rowsecurity -> pg_policy and other fixes

As pointed out by Robert, we should really have named pg_rowsecurity
pg_policy, as the objects stored in that catalog are policies.  This
patch fixes that and updates the column names to start with 'pol' to
match the new catalog name.

The security consideration for COPY with row level security, also
pointed out by Robert, has also been addressed by remembering and
re-checking the OID of the relation initially referenced during COPY
processing, to make sure it hasn't changed under us by the time we
finish planning out the query which has been built.

Robert and Alvaro also commented on missing OCLASS and OBJECT entries
for POLICY (formerly ROWSECURITY or POLICY, depending) in various
places.  This patch fixes that too, which also happens to add the
ability to COMMENT on policies.

In passing, attempt to improve the consistency of messages, comments,
and documentation as well.  This removes various incarnations of
'row-security', 'row-level security', 'Row-security', etc, in favor
of 'policy', 'row level security' or 'row_security' as appropriate.

Happy Thanksgiving!

7 files changed, 133 insertions, 141 deletions

diff --git a/src/bin/pg_dump/common.c b/src/bin/pg_dump/common.c
index 8bfc604eab..1269ec3b28 100644
--- a/src/bin/pg_dump/common.c
+++ b/src/bin/pg_dump/common.c
@@ -248,8 +248,8 @@ getSchemaData(Archive *fout, DumpOptions *dopt, int *numTablesPtr)
 	getRules(fout, &numRules);
 
 	if (g_verbose)
-		write_msg(NULL, "reading row-security policies\n");
-	getRowSecurity(fout, tblinfo, numTables);
+		write_msg(NULL, "reading policies\n");
+	getPolicies(fout, tblinfo, numTables);
 
 	*numTablesPtr = numTables;
 	return tblinfo;
diff --git a/src/bin/pg_dump/pg_backup_archiver.c b/src/bin/pg_dump/pg_backup_archiver.c
index 1a2ebcb1f4..43065e84b2 100644
--- a/src/bin/pg_dump/pg_backup_archiver.c
+++ b/src/bin/pg_dump/pg_backup_archiver.c
@@ -3328,6 +3328,7 @@ _printTocEntry(ArchiveHandle *AH, TocEntry *te, RestoreOptions *ropt, bool isDat
 				 strcmp(te->desc, "RULE") == 0 ||
 				 strcmp(te->desc, "TRIGGER") == 0 ||
 				 strcmp(te->desc, "ROW SECURITY") == 0 ||
+				 strcmp(te->desc, "POLICY") == 0 ||
 				 strcmp(te->desc, "USER MAPPING") == 0)
 		{
 			/* these object types don't have separate owners */
diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
index 69d359458b..4175ddc823 100644
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -233,7 +233,7 @@ static char *myFormatType(const char *typname, int32 typmod);
 static void getBlobs(Archive *fout);
 static void dumpBlob(Archive *fout, DumpOptions *dopt, BlobInfo *binfo);
 static int	dumpBlobs(Archive *fout, DumpOptions *dopt, void *arg);
-static void dumpRowSecurity(Archive *fout, DumpOptions *dopt, RowSecurityInfo *rsinfo);
+static void dumpPolicy(Archive *fout, DumpOptions *dopt, PolicyInfo *polinfo);
 static void dumpDatabase(Archive *AH, DumpOptions *dopt);
 static void dumpEncoding(Archive *AH);
 static void dumpStdStrings(Archive *AH);
@@ -2765,22 +2765,22 @@ dumpBlobs(Archive *fout, DumpOptions *dopt, void *arg)
 }
 
 /*
- * getRowSecurity
- *	  get information about every row-security policy on a dumpable table.
+ * getPolicies
+ *	  get information about policies on a dumpable table.
  */
 void
-getRowSecurity(Archive *fout, TableInfo tblinfo[], int numTables)
+getPolicies(Archive *fout, TableInfo tblinfo[], int numTables)
 {
 	PQExpBuffer query;
 	PGresult   *res;
-	RowSecurityInfo *rsinfo;
+	PolicyInfo *polinfo;
 	int			i_oid;
 	int			i_tableoid;
-	int			i_rsecpolname;
-	int			i_rseccmd;
-	int			i_rsecroles;
-	int			i_rsecqual;
-	int			i_rsecwithcheck;
+	int			i_polname;
+	int			i_polcmd;
+	int			i_polroles;
+	int			i_polqual;
+	int			i_polwithcheck;
 	int			i,
 				j,
 				ntups;
@@ -2794,18 +2794,18 @@ getRowSecurity(Archive *fout, TableInfo tblinfo[], int numTables)
 	{
 		TableInfo  *tbinfo = &tblinfo[i];
 
-		/* Ignore row-security on tables not to be dumped */
+		/* Ignore row security on tables not to be dumped */
 		if (!tbinfo->dobj.dump)
 			continue;
 
 		if (g_verbose)
-			write_msg(NULL, "reading row-security enabled for table \"%s\".\"%s\"\n",
+			write_msg(NULL, "reading row security enabled for table \"%s\".\"%s\"\n",
 					  tbinfo->dobj.namespace->dobj.name,
 					  tbinfo->dobj.name);
 
 		/*
-		 * Get row-security enabled information for the table. We represent
-		 * RLS enabled on a table by creating RowSecurityInfo object with an
+		 * Get row security enabled information for the table. We represent
+		 * RLS enabled on a table by creating PolicyInfo object with an
 		 * empty policy.
 		 */
 		if (tbinfo->rowsec)
@@ -2814,23 +2814,23 @@ getRowSecurity(Archive *fout, TableInfo tblinfo[], int numTables)
 			 * Note: use tableoid 0 so that this object won't be mistaken for
 			 * something that pg_depend entries apply to.
 			 */
-			rsinfo = pg_malloc(sizeof(RowSecurityInfo));
-			rsinfo->dobj.objType = DO_ROW_SECURITY;
-			rsinfo->dobj.catId.tableoid = 0;
-			rsinfo->dobj.catId.oid = tbinfo->dobj.catId.oid;
-			AssignDumpId(&rsinfo->dobj);
-			rsinfo->dobj.namespace = tbinfo->dobj.namespace;
-			rsinfo->dobj.name = pg_strdup(tbinfo->dobj.name);
-			rsinfo->rstable = tbinfo;
-			rsinfo->rsecpolname = NULL;
-			rsinfo->rseccmd = NULL;
-			rsinfo->rsecroles = NULL;
-			rsinfo->rsecqual = NULL;
-			rsinfo->rsecwithcheck = NULL;
+			polinfo = pg_malloc(sizeof(PolicyInfo));
+			polinfo->dobj.objType = DO_POLICY;
+			polinfo->dobj.catId.tableoid = 0;
+			polinfo->dobj.catId.oid = tbinfo->dobj.catId.oid;
+			AssignDumpId(&polinfo->dobj);
+			polinfo->dobj.namespace = tbinfo->dobj.namespace;
+			polinfo->dobj.name = pg_strdup(tbinfo->dobj.name);
+			polinfo->poltable = tbinfo;
+			polinfo->polname = NULL;
+			polinfo->polcmd = NULL;
+			polinfo->polroles = NULL;
+			polinfo->polqual = NULL;
+			polinfo->polwithcheck = NULL;
 		}
 
 		if (g_verbose)
-			write_msg(NULL, "reading row-security policies for table \"%s\".\"%s\"\n",
+			write_msg(NULL, "reading policies for table \"%s\".\"%s\"\n",
 					  tbinfo->dobj.namespace->dobj.name,
 					  tbinfo->dobj.name);
 
@@ -2843,13 +2843,13 @@ getRowSecurity(Archive *fout, TableInfo tblinfo[], int numTables)
 
 		/* Get the policies for the table. */
 		appendPQExpBuffer(query,
-						  "SELECT oid, tableoid, s.rsecpolname, s.rseccmd, "
-						  "CASE WHEN s.rsecroles = '{0}' THEN 'PUBLIC' ELSE "
-						  "   array_to_string(ARRAY(SELECT rolname from pg_roles WHERE oid = ANY(s.rsecroles)), ', ') END AS rsecroles, "
-						  "pg_get_expr(s.rsecqual, s.rsecrelid) AS rsecqual, "
-				"pg_get_expr(s.rsecwithcheck, s.rsecrelid) AS rsecwithcheck "
-						  "FROM pg_catalog.pg_rowsecurity s "
-						  "WHERE rsecrelid = '%u'",
+						  "SELECT oid, tableoid, pol.polname, pol.polcmd, "
+						  "CASE WHEN pol.polroles = '{0}' THEN 'PUBLIC' ELSE "
+						  "   array_to_string(ARRAY(SELECT rolname from pg_roles WHERE oid = ANY(pol.polroles)), ', ') END AS polroles, "
+						  "pg_get_expr(pol.polqual, pol.polrelid) AS polqual, "
+				"pg_get_expr(pol.polwithcheck, pol.polrelid) AS polwithcheck "
+						  "FROM pg_catalog.pg_policy pol "
+						  "WHERE polrelid = '%u'",
 						  tbinfo->dobj.catId.oid);
 		res = ExecuteSqlQuery(fout, query->data, PGRES_TUPLES_OK);
 
@@ -2868,45 +2868,44 @@ getRowSecurity(Archive *fout, TableInfo tblinfo[], int numTables)
 
 		i_oid = PQfnumber(res, "oid");
 		i_tableoid = PQfnumber(res, "tableoid");
-		i_rsecpolname = PQfnumber(res, "rsecpolname");
-		i_rseccmd = PQfnumber(res, "rseccmd");
-		i_rsecroles = PQfnumber(res, "rsecroles");
-		i_rsecqual = PQfnumber(res, "rsecqual");
-		i_rsecwithcheck = PQfnumber(res, "rsecwithcheck");
+		i_polname = PQfnumber(res, "polname");
+		i_polcmd = PQfnumber(res, "polcmd");
+		i_polroles = PQfnumber(res, "polroles");
+		i_polqual = PQfnumber(res, "polqual");
+		i_polwithcheck = PQfnumber(res, "polwithcheck");
 
-		rsinfo = pg_malloc(ntups * sizeof(RowSecurityInfo));
+		polinfo = pg_malloc(ntups * sizeof(PolicyInfo));
 
 		for (j = 0; j < ntups; j++)
 		{
-			rsinfo[j].dobj.objType = DO_ROW_SECURITY;
-			rsinfo[j].dobj.catId.tableoid =
+			polinfo[j].dobj.objType = DO_POLICY;
+			polinfo[j].dobj.catId.tableoid =
 				atooid(PQgetvalue(res, j, i_tableoid));
-			rsinfo[j].dobj.catId.oid = atooid(PQgetvalue(res, j, i_oid));
-			AssignDumpId(&rsinfo[j].dobj);
-			rsinfo[j].dobj.namespace = tbinfo->dobj.namespace;
-			rsinfo[j].rstable = tbinfo;
-			rsinfo[j].rsecpolname = pg_strdup(PQgetvalue(res, j,
-														 i_rsecpolname));
+			polinfo[j].dobj.catId.oid = atooid(PQgetvalue(res, j, i_oid));
+			AssignDumpId(&polinfo[j].dobj);
+			polinfo[j].dobj.namespace = tbinfo->dobj.namespace;
+			polinfo[j].poltable = tbinfo;
+			polinfo[j].polname = pg_strdup(PQgetvalue(res, j, i_polname));
 
-			rsinfo[j].dobj.name = pg_strdup(rsinfo[j].rsecpolname);
+			polinfo[j].dobj.name = pg_strdup(polinfo[j].polname);
 
-			if (PQgetisnull(res, j, i_rseccmd))
-				rsinfo[j].rseccmd = NULL;
+			if (PQgetisnull(res, j, i_polcmd))
+				polinfo[j].polcmd = NULL;
 			else
-				rsinfo[j].rseccmd = pg_strdup(PQgetvalue(res, j, i_rseccmd));
+				polinfo[j].polcmd = pg_strdup(PQgetvalue(res, j, i_polcmd));
 
-			rsinfo[j].rsecroles = pg_strdup(PQgetvalue(res, j, i_rsecroles));
+			polinfo[j].polroles = pg_strdup(PQgetvalue(res, j, i_polroles));
 
-			if (PQgetisnull(res, j, i_rsecqual))
-				rsinfo[j].rsecqual = NULL;
+			if (PQgetisnull(res, j, i_polqual))
+				polinfo[j].polqual = NULL;
 			else
-				rsinfo[j].rsecqual = pg_strdup(PQgetvalue(res, j, i_rsecqual));
+				polinfo[j].polqual = pg_strdup(PQgetvalue(res, j, i_polqual));
 
-			if (PQgetisnull(res, j, i_rsecwithcheck))
-				rsinfo[j].rsecwithcheck = NULL;
+			if (PQgetisnull(res, j, i_polwithcheck))
+				polinfo[j].polwithcheck = NULL;
 			else
-				rsinfo[j].rsecwithcheck
-					= pg_strdup(PQgetvalue(res, j, i_rsecwithcheck));
+				polinfo[j].polwithcheck
+					= pg_strdup(PQgetvalue(res, j, i_polwithcheck));
 		}
 		PQclear(res);
 	}
@@ -2914,13 +2913,13 @@ getRowSecurity(Archive *fout, TableInfo tblinfo[], int numTables)
 }
 
 /*
- * dumpRowSecurity
- *	  dump the definition of the given row-security policy
+ * dumpPolicy
+ *	  dump the definition of the given policy
  */
 static void
-dumpRowSecurity(Archive *fout, DumpOptions *dopt, RowSecurityInfo *rsinfo)
+dumpPolicy(Archive *fout, DumpOptions *dopt, PolicyInfo *polinfo)
 {
-	TableInfo  *tbinfo = rsinfo->rstable;
+	TableInfo  *tbinfo = polinfo->poltable;
 	PQExpBuffer query;
 	PQExpBuffer delqry;
 	const char *cmd;
@@ -2929,23 +2928,23 @@ dumpRowSecurity(Archive *fout, DumpOptions *dopt, RowSecurityInfo *rsinfo)
 		return;
 
 	/*
-	 * If rsecpolname is NULL, then this record is just indicating that ROW
+	 * If polname is NULL, then this record is just indicating that ROW
 	 * LEVEL SECURITY is enabled for the table. Dump as ALTER TABLE <table>
 	 * ENABLE ROW LEVEL SECURITY.
 	 */
-	if (rsinfo->rsecpolname == NULL)
+	if (polinfo->polname == NULL)
 	{
 		query = createPQExpBuffer();
 
 		appendPQExpBuffer(query, "ALTER TABLE %s ENABLE ROW LEVEL SECURITY;",
-						  fmtId(rsinfo->dobj.name));
+						  fmtId(polinfo->dobj.name));
 
-		ArchiveEntry(fout, rsinfo->dobj.catId, rsinfo->dobj.dumpId,
-					 rsinfo->dobj.name,
-					 rsinfo->dobj.namespace->dobj.name,
+		ArchiveEntry(fout, polinfo->dobj.catId, polinfo->dobj.dumpId,
+					 polinfo->dobj.name,
+					 polinfo->dobj.namespace->dobj.name,
 					 NULL,
 					 tbinfo->rolname, false,
-					 "ROW SECURITY", SECTION_NONE,
+					 "ROW SECURITY", SECTION_POST_DATA,
 					 query->data, "", NULL,
 					 NULL, 0,
 					 NULL, NULL);
@@ -2954,19 +2953,19 @@ dumpRowSecurity(Archive *fout, DumpOptions *dopt, RowSecurityInfo *rsinfo)
 		return;
 	}
 
-	if (!rsinfo->rseccmd)
+	if (!polinfo->polcmd)
 		cmd = "ALL";
-	else if (strcmp(rsinfo->rseccmd, "r") == 0)
+	else if (strcmp(polinfo->polcmd, "r") == 0)
 		cmd = "SELECT";
-	else if (strcmp(rsinfo->rseccmd, "a") == 0)
+	else if (strcmp(polinfo->polcmd, "a") == 0)
 		cmd = "INSERT";
-	else if (strcmp(rsinfo->rseccmd, "w") == 0)
+	else if (strcmp(polinfo->polcmd, "w") == 0)
 		cmd = "UPDATE";
-	else if (strcmp(rsinfo->rseccmd, "d") == 0)
+	else if (strcmp(polinfo->polcmd, "d") == 0)
 		cmd = "DELETE";
 	else
 	{
-		write_msg(NULL, "unexpected command type: '%s'\n", rsinfo->rseccmd);
+		write_msg(NULL, "unexpected command type: '%s'\n", polinfo->polcmd);
 		exit_nicely(1);
 	}
 
@@ -2974,28 +2973,28 @@ dumpRowSecurity(Archive *fout, DumpOptions *dopt, RowSecurityInfo *rsinfo)
 	delqry = createPQExpBuffer();
 
 	appendPQExpBuffer(query, "CREATE POLICY %s ON %s FOR %s",
-					  rsinfo->rsecpolname, fmtId(tbinfo->dobj.name), cmd);
+					  polinfo->polname, fmtId(tbinfo->dobj.name), cmd);
 
-	if (rsinfo->rsecroles != NULL)
-		appendPQExpBuffer(query, " TO %s", rsinfo->rsecroles);
+	if (polinfo->polroles != NULL)
+		appendPQExpBuffer(query, " TO %s", polinfo->polroles);
 
-	if (rsinfo->rsecqual != NULL)
-		appendPQExpBuffer(query, " USING %s", rsinfo->rsecqual);
+	if (polinfo->polqual != NULL)
+		appendPQExpBuffer(query, " USING %s", polinfo->polqual);
 
-	if (rsinfo->rsecwithcheck != NULL)
-		appendPQExpBuffer(query, " WITH CHECK %s", rsinfo->rsecwithcheck);
+	if (polinfo->polwithcheck != NULL)
+		appendPQExpBuffer(query, " WITH CHECK %s", polinfo->polwithcheck);
 
 	appendPQExpBuffer(query, ";\n");
 
 	appendPQExpBuffer(delqry, "DROP POLICY %s ON %s;\n",
-					  rsinfo->rsecpolname, fmtId(tbinfo->dobj.name));
+					  polinfo->polname, fmtId(tbinfo->dobj.name));
 
-	ArchiveEntry(fout, rsinfo->dobj.catId, rsinfo->dobj.dumpId,
-				 rsinfo->dobj.name,
-				 rsinfo->dobj.namespace->dobj.name,
+	ArchiveEntry(fout, polinfo->dobj.catId, polinfo->dobj.dumpId,
+				 polinfo->dobj.name,
+				 polinfo->dobj.namespace->dobj.name,
 				 NULL,
 				 tbinfo->rolname, false,
-				 "ROW SECURITY", SECTION_POST_DATA,
+				 "POLICY", SECTION_POST_DATA,
 				 query->data, delqry->data, NULL,
 				 NULL, 0,
 				 NULL, NULL);
@@ -8232,8 +8231,8 @@ dumpDumpableObject(Archive *fout, DumpOptions *dopt, DumpableObject *dobj)
 						 NULL, 0,
 						 dumpBlobs, NULL);
 			break;
-		case DO_ROW_SECURITY:
-			dumpRowSecurity(fout, dopt, (RowSecurityInfo *) dobj);
+		case DO_POLICY:
+			dumpPolicy(fout, dopt, (PolicyInfo *) dobj);
 			break;
 		case DO_PRE_DATA_BOUNDARY:
 		case DO_POST_DATA_BOUNDARY:
@@ -15631,7 +15630,7 @@ addBoundaryDependencies(DumpableObject **dobjs, int numObjs,
 			case DO_TRIGGER:
 			case DO_EVENT_TRIGGER:
 			case DO_DEFAULT_ACL:
-			case DO_ROW_SECURITY:
+			case DO_POLICY:
 				/* Post-data objects: must come after the post-data boundary */
 				addObjectDependency(dobj, postDataBound->dumpId);
 				break;
diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h
index a7eb2fd936..d1d9ecbaa2 100644
--- a/src/bin/pg_dump/pg_dump.h
+++ b/src/bin/pg_dump/pg_dump.h
@@ -76,7 +76,7 @@ typedef enum
 	DO_POST_DATA_BOUNDARY,
 	DO_EVENT_TRIGGER,
 	DO_REFRESH_MATVIEW,
-	DO_ROW_SECURITY
+	DO_POLICY
 } DumpableObjectType;
 
 typedef struct _dumpableObject
@@ -210,7 +210,7 @@ typedef struct _tableInfo
 	bool		hasindex;		/* does it have any indexes? */
 	bool		hasrules;		/* does it have any rules? */
 	bool		hastriggers;	/* does it have any triggers? */
-	bool		rowsec;			/* is row-security enabled? */
+	bool		rowsec;			/* is row security enabled? */
 	bool		hasoids;		/* does it have OIDs? */
 	uint32		frozenxid;		/* for restore frozen xid */
 	uint32		minmxid;		/* for restore min multi xid */
@@ -453,21 +453,21 @@ typedef struct _blobInfo
 } BlobInfo;
 
 /*
- * The RowSecurityInfo struct is used to represent row policies on a table and
+ * The PolicyInfo struct is used to represent policies on a table and
  * to indicate if a table has RLS enabled (ENABLE ROW SECURITY).  If
- * rsecpolname is NULL, then the record indicates ENABLE ROW SECURITY, while if
+ * polname is NULL, then the record indicates ENABLE ROW SECURITY, while if
  * it's non-NULL then this is a regular policy definition.
  */
-typedef struct _rowSecurityInfo
+typedef struct _policyInfo
 {
 	DumpableObject dobj;
-	TableInfo  *rstable;
-	char	   *rsecpolname;	/* null indicates RLS is enabled on rel */
-	char	   *rseccmd;
-	char	   *rsecroles;
-	char	   *rsecqual;
-	char	   *rsecwithcheck;
-} RowSecurityInfo;
+	TableInfo  *poltable;
+	char	   *polname;	/* null indicates RLS is enabled on rel */
+	char	   *polcmd;
+	char	   *polroles;
+	char	   *polqual;
+	char	   *polwithcheck;
+} PolicyInfo;
 
 /* global decls */
 extern bool force_quotes;		/* double-quotes for identifiers flag */
@@ -549,6 +549,6 @@ extern DefaultACLInfo *getDefaultACLs(Archive *fout, DumpOptions *dopt, int *num
 extern void getExtensionMembership(Archive *fout, DumpOptions *dopt, ExtensionInfo extinfo[],
 					   int numExtensions);
 extern EventTriggerInfo *getEventTriggers(Archive *fout, int *numEventTriggers);
-extern void getRowSecurity(Archive *fout, TableInfo tblinfo[], int numTables);
+extern void getPolicies(Archive *fout, TableInfo tblinfo[], int numTables);
 
 #endif   /* PG_DUMP_H */
diff --git a/src/bin/pg_dump/pg_dump_sort.c b/src/bin/pg_dump/pg_dump_sort.c
index 030bccc7e6..0e62af2776 100644
--- a/src/bin/pg_dump/pg_dump_sort.c
+++ b/src/bin/pg_dump/pg_dump_sort.c
@@ -28,8 +28,8 @@ static const char *modulename = gettext_noop("sorter");
  * by OID.  (This is a relatively crude hack to provide semi-reasonable
  * behavior for old databases without full dependency info.)  Note: collations,
  * extensions, text search, foreign-data, materialized view, event trigger,
- * and default ACL objects can't really happen here, so the rather bogus
- * priorities for them don't matter.
+ * policies, and default ACL objects can't really happen here, so the rather
+ * bogus priorities for them don't matter.
  *
  * NOTE: object-type priorities must match the section assignments made in
  * pg_dump.c; that is, PRE_DATA objects must sort before DO_PRE_DATA_BOUNDARY,
@@ -73,7 +73,7 @@ static const int oldObjectTypePriority[] =
 	13,							/* DO_POST_DATA_BOUNDARY */
 	20,							/* DO_EVENT_TRIGGER */
 	15,							/* DO_REFRESH_MATVIEW */
-	21							/* DO_ROW_SECURITY */
+	21							/* DO_POLICY */
 };
 
 /*
@@ -122,7 +122,7 @@ static const int newObjectTypePriority[] =
 	25,							/* DO_POST_DATA_BOUNDARY */
 	32,							/* DO_EVENT_TRIGGER */
 	33,							/* DO_REFRESH_MATVIEW */
-	34							/* DO_ROW_SECURITY */
+	34							/* DO_POLICY */
 };
 
 static DumpId preDataBoundId;
@@ -1438,9 +1438,9 @@ describeDumpableObject(DumpableObject *obj, char *buf, int bufsize)
 					 "BLOB DATA  (ID %d)",
 					 obj->dumpId);
 			return;
-		case DO_ROW_SECURITY:
+		case DO_POLICY:
 			snprintf(buf, bufsize,
-					 "ROW-SECURITY POLICY (ID %d OID %u)",
+					 "POLICY (ID %d OID %u)",
 					 obj->dumpId, obj->catId.oid);
 			return;
 		case DO_PRE_DATA_BOUNDARY:
diff --git a/src/bin/psql/describe.c b/src/bin/psql/describe.c
index a062fa871f..5a9ceca0df 100644
--- a/src/bin/psql/describe.c
+++ b/src/bin/psql/describe.c
@@ -783,31 +783,31 @@ permissionsList(const char *pattern)
 	if (pset.sversion >= 90500)
 		appendPQExpBuffer(&buf,
 						  ",\n  pg_catalog.array_to_string(ARRAY(\n"
-						  "    SELECT rsecpolname\n"
-						  "    || CASE WHEN rseccmd IS NOT NULL THEN\n"
-						  "           E' (' || rseccmd || E')'\n"
+						  "    SELECT polname\n"
+						  "    || CASE WHEN polcmd IS NOT NULL THEN\n"
+						  "           E' (' || polcmd || E')'\n"
 						  "       ELSE E':' \n"
 						  "       END\n"
-						  "    || CASE WHEN rs.rsecqual IS NOT NULL THEN\n"
-						  "           E'\\n  (u): ' || pg_catalog.pg_get_expr(rsecqual, rsecrelid)\n"
+						  "    || CASE WHEN polqual IS NOT NULL THEN\n"
+						  "           E'\\n  (u): ' || pg_catalog.pg_get_expr(polqual, polrelid)\n"
 						  "       ELSE E''\n"
 						  "       END\n"
-						  "    || CASE WHEN rsecwithcheck IS NOT NULL THEN\n"
-						  "           E'\\n  (c): ' || pg_catalog.pg_get_expr(rsecwithcheck, rsecrelid)\n"
+						  "    || CASE WHEN polwithcheck IS NOT NULL THEN\n"
+						  "           E'\\n  (c): ' || pg_catalog.pg_get_expr(polwithcheck, polrelid)\n"
 						  "       ELSE E''\n"
 						  "       END"
-						  "    || CASE WHEN rs.rsecroles <> '{0}' THEN\n"
+						  "    || CASE WHEN polroles <> '{0}' THEN\n"
 						  "           E'\\n  to: ' || pg_catalog.array_to_string(\n"
 						  "               ARRAY(\n"
 						  "                   SELECT rolname\n"
 						  "                   FROM pg_catalog.pg_roles\n"
-						  "                   WHERE oid = ANY (rs.rsecroles)\n"
+						  "                   WHERE oid = ANY (polroles)\n"
 						  "                   ORDER BY 1\n"
 						  "               ), E', ')\n"
 						  "       ELSE E''\n"
 						  "       END\n"
-						  "    FROM pg_catalog.pg_rowsecurity rs\n"
-						  "    WHERE rsecrelid = c.oid), E'\\n')\n"
+						  "    FROM pg_catalog.pg_policy pol\n"
+						  "    WHERE polrelid = c.oid), E'\\n')\n"
 						  "    AS \"%s\"",
 						  gettext_noop("Policies"));
 
@@ -2001,27 +2001,19 @@ describeOneTableDetails(const char *schemaname,
 		/* print any row-level policies */
 		if (pset.sversion >= 90500)
 		{
-			appendPQExpBuffer(&buf,
-				",\n pg_catalog.pg_get_expr(rs.rsecqual, c.oid) as \"%s\"",
-				gettext_noop("Row-security"));
-
-			if (verbose)
-				appendPQExpBuffer(&buf,
-					"\n     LEFT JOIN pg_rowsecurity rs ON rs.rsecrelid = c.oid");
-
 			printfPQExpBuffer(&buf,
-						   "SELECT rs.rsecpolname,\n"
-						   "CASE WHEN rs.rsecroles = '{0}' THEN NULL ELSE array_to_string(array(select rolname from pg_roles where oid = any (rs.rsecroles) order by 1),',') END,\n"
-						   "pg_catalog.pg_get_expr(rs.rsecqual, rs.rsecrelid),\n"
-						   "pg_catalog.pg_get_expr(rs.rsecwithcheck, rs.rsecrelid),\n"
-						   "CASE rs.rseccmd \n"
+						   "SELECT pol.polname,\n"
+						   "CASE WHEN pol.polroles = '{0}' THEN NULL ELSE array_to_string(array(select rolname from pg_roles where oid = any (pol.polroles) order by 1),',') END,\n"
+						   "pg_catalog.pg_get_expr(pol.polqual, pol.polrelid),\n"
+						   "pg_catalog.pg_get_expr(pol.polwithcheck, pol.polrelid),\n"
+						   "CASE pol.polcmd \n"
 						   "WHEN 'r' THEN 'SELECT'\n"
 						   "WHEN 'u' THEN 'UPDATE'\n"
 						   "WHEN 'a' THEN 'INSERT'\n"
 						   "WHEN 'd' THEN 'DELETE'\n"
 						   "END AS cmd\n"
-							  "FROM pg_catalog.pg_rowsecurity rs\n"
-				  "WHERE rs.rsecrelid = '%s' ORDER BY 1;",
+							  "FROM pg_catalog.pg_policy pol\n"
+				  "WHERE pol.polrelid = '%s' ORDER BY 1;",
 							  oid);
 
 			result = PSQLexec(buf.data);
diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c
index 278d3952d4..1bb5a8373f 100644
--- a/src/bin/psql/tab-complete.c
+++ b/src/bin/psql/tab-complete.c
@@ -2069,7 +2069,7 @@ psql_completion(const char *text, int start, int end)
 		static const char *const list_COMMENT[] =
 		{"CAST", "COLLATION", "CONVERSION", "DATABASE", "EVENT TRIGGER", "EXTENSION",
 			"FOREIGN DATA WRAPPER", "FOREIGN TABLE",
-			"SERVER", "INDEX", "LANGUAGE", "RULE", "SCHEMA", "SEQUENCE",
+			"SERVER", "INDEX", "LANGUAGE", "POLICY", "RULE", "SCHEMA", "SEQUENCE",
 			"TABLE", "TYPE", "VIEW", "MATERIALIZED VIEW", "COLUMN", "AGGREGATE", "FUNCTION",
 			"OPERATOR", "TRIGGER", "CONSTRAINT", "DOMAIN", "LARGE OBJECT",
 		"TABLESPACE", "TEXT SEARCH", "ROLE", NULL};