Re: policies with security definer option for allowing inline optimization - Mailing list pgsql-hackers

From Noah Misch
Subject Re: policies with security definer option for allowing inline optimization
Date
Msg-id 20210406062056.GA801591@rfd.leadboat.com
Whole thread Raw
In response to Re: policies with security definer option for allowing inline optimization  (Dan Lynch <pyramation@gmail.com>)
Responses Re: policies with security definer option for allowing inline optimization
List pgsql-hackers
On Mon, Apr 05, 2021 at 07:51:46PM -0700, Dan Lynch wrote:
> > > I suppose if the
> > > get_group_ids_of_current_user() function is marked as STABLE, would the
> > > optimizer cache this value for every row in a SELECT that returned
> > > multiple rows?
> >
> > While there was a patch to implement caching, it never finished.  The
> > optimizer is allowed to, and sometimes does, choose plan shapes that reduce
> > the number of function calls.
> 
> So for multiple rows, it's possible that the same query could happen for
> each row? Even if it's clearly stable and only a read operation is
> happening?

Yes.  The caching patch thread gives some example queries:
https://postgr.es/m/flat/CABRT9RA-RomVS-yzQ2wUtZ%3Dm-eV61LcbrL1P1J3jydPStTfc6Q%40mail.gmail.com

> I suppose if the possibility exists that this could happen, perhaps using
> RLS for selects is not quite "production ready"?

I would not draw that conclusion.

> Or perhaps if the RLS
> qual/check is written well-enough, then maybe the performance hit wouldn't
> be noticed?

Yes.



pgsql-hackers by date:

Previous
From: "tanghy.fnst@fujitsu.com"
Date:
Subject: RE: Table refer leak in logical replication
Next
From: Kyotaro Horiguchi
Date:
Subject: Re: Stronger safeguard for archive recovery not to miss data