Hello.
I have not used row level security policies in the past but am
considering using them for a project in which I would like to restrict
the set returned in a query based on specific fields. This is more as a
convenience issue (for me) rather than a security issue.
What I was wondering is what is the performance differences between a
row level security implementation:
CREATE POLICY <policy name> ON <table> TO <role> USING
(<field>=ANY(<values>));
<series of selects>
DROP POLICY <policy name>
and an implementation where I add on the constraints as part of each
select statement:
SELECT <whatever> FROM <table> WHERE <constraints> AND <field>=ANY(<values>)
In my (admittedly small) number of EXPLAINs I've looked at, it appears
that the policy logic is added to the SELECT statement as a constraint.
So I would not expect any fundamental performance difference in the 2
different forms.
Is this true? Or is there some extra behind-the-scenes things to be
aware of? Can there be excessive overhead from the CREATE/DROP POLICY
statements?
Thanks,
Joe
--
Sent via pgsql-performance mailing list (pgsql-performance@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
