Home > mailing lists

policies with security definer option for allowing inline optimization - Mailing list pgsql-hackers

From	Dan Lynch
Subject	policies with security definer option for allowing inline optimization
Date	April 2, 2021 08:44:02
Msg-id	CA+_muLEWeghudnvHMJhhyDpzLTZEGFfvGhBeTxFMk0vT2x+-9w@mail.gmail.com Whole thread Raw
Responses	Re: policies with security definer option for allowing inline optimization
List	pgsql-hackers

Tree view

RLS policies quals/checks are optimized inline, and so I generally avoid writing a separate procedure so the optimizer can do it's thing.

However, if you need a security definer to avoid recursive RLS if you're doing a more complex query say, on a join table, anyone wish there was a flag on the policy itself to specify that `WITH CHECK` or `USING` expression could be run via security definer?

The main reason for this is to avoid writing a separate security definer function so you can benefit from the optimizer.

Is this possible? Would this be worth a feature request to postgres core?

Cheers!

Dan

pgsql-hackers by date:

From: Fabien COELHO
Date: 02 April 2021, 08:43:55
Subject: Re: pgbench - add pseudo-random permutation function

From: Tom Lane
Date: 02 April 2021, 08:45:06
Subject: Re: libpq debug log

policies with security definer option for allowing inline optimization - Mailing list pgsql-hackers

Previous

Next