Hi, On Thu, Jan 16, 2025 at 04:09:44PM +0900, Shinya Kato wrote: > On Thu, Jan 16, 2025 at 3:31 PM Michael Banck <mba...@gmx.net> wrote: > > I do think having a whitelist of allowed-to-be-installed extensions > > (similar/like https://github.com/dimitri/pgextwlist) makes sense > > additionally in today's container/cloud word where the local Postgres > > admin might not have control over which packages get installed but wants > > to have control over which extension the application admins (or whoever) > > may create, but that is another topic I think. > > To use a certain extension, you may need to install the > postgresql-contrib package. In that case, is there a way to restrict > extensions other than the required one? Or is it unnecessary to impose > such restrictions?
I was thinking about the following (increasinly common, I think) use-case: we have a largish organisation where the platform/whatever team wants to deploy Postgres in a uniform way and install the common set of all contrib and external extensions that might be needed for each instance. But then you have instance-specific admins that might want to restrict the set of extensions their instance (or their developers/app admins/whatever) is allowed to use. However, this is not the purpose of the patch in discussion, just a side-remark that this functionality would be good to have in addition. Michael
