Re: Extend CREATE POLICY to add IF EXISTS

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Álvaro Herrera <[email protected]>
To: Paul Austin <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: Extend CREATE POLICY to add IF EXISTS
Date: Tue, 21 Oct 2025 10:23:27 +0300
Message-ID: <[email protected]> (raw)
In-Reply-To: <CWXP265MB5009813E2DAA4D48F8C4A9F4F7F5A@CWXP265MB5009.GBRP265.PROD.OUTLOOK.COM>

On 2025-Oct-20, Paul Austin wrote:

> Adrian,
> 
> The drop policy IF EXISTS does work.
> 
> But it would be nice to have the IF NOT EXISTS on CREATE POLICY so I
> don't need to do a drop and create.

How would CREATE IF NOT EXISTS handle the case of an existing policy
that doesn't match the one you want?  I think it would just silently not
do anything, and in that case you can't really rely on it, can you?  So
your script would have to extract the current policy, compare with the
one you want (how?) and then maybe drop it and create it anew, or leave
it alone.  Is this really useful?

I think what you'd really appreciate is CREATE OR REPLACE: if the
policy exists and matches the one you ask for, then don't do anything;
but otherwise throw it away and create it anew.  We have this for views,
and it allows for things like adding more columns than the original view
had.

BTW, the pattern DROP IF EXISTS / CREATE is a bit nasty, because there
exists a period in between where no policy exists, which could be a
security hole.  Unless you use an explicit transaction block.

-- 
Álvaro Herrera        Breisgau, Deutschland  —  https://www.EnterpriseDB.com/
"I love the Postgres community. It's all about doing things _properly_. :-)"
(David Garamond)

view thread (3+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: Extend CREATE POLICY to add IF EXISTS
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox