Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u8J4i-000fc7-TP for pgsql-general@arkaria.postgresql.org; Fri, 25 Apr 2025 13:26:41 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1u8J4f-00B3XX-A1 for pgsql-general@arkaria.postgresql.org; Fri, 25 Apr 2025 13:26:38 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u8J4e-00B3XP-Vt for pgsql-general@lists.postgresql.org; Fri, 25 Apr 2025 13:26:37 +0000 Received: from mail-oi1-x234.google.com ([2607:f8b0:4864:20::234]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1u8J4c-0020dt-1l for pgsql-general@lists.postgresql.org; Fri, 25 Apr 2025 13:26:37 +0000 Received: by mail-oi1-x234.google.com with SMTP id 5614622812f47-3fb3f4bf97aso703455b6e.2 for ; Fri, 25 Apr 2025 06:26:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1745587594; x=1746192394; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=T0dYLy/2sC+VcNxoN+mmDTGHYgnFXhj8z1JSYkoyAkY=; b=Hb/NG8PawhkPNptVCp2/HEt4pviQ7nD86MPDQedMReMRsczPurWb7Y3cxIOSirmhbA eP3ooPXu6+PeKg0Dm4eab0Un6Ko0tzZHgPpGcRVNsjCpqP4d37KF3UpBwz16Yqolg+1i XPep/DE66lXl2suPOLdJcsGQ5tOl9KH2Psl+4kdCof7qGMnt+HZUVPoHz+4JgD5HlzgQ eUmz2X1NXB37KLEQNEFPfjgJ7mgfBwwpqEIQVaRorlNUmSRJpvUZRi31efRCtUSQfw3S DVKoKit4zYmUyN3NPGYTgiHK0RPMBfxKgeZikmy83sMiNdvDyLui+o06pUEVVb4jykoR PX+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745587594; x=1746192394; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=T0dYLy/2sC+VcNxoN+mmDTGHYgnFXhj8z1JSYkoyAkY=; b=oMi3UIgaaY6CTJgf/5D4NtqbkAOgHfPFBYY0QAz3fORWPjBjxvM8c/cdzSh7df8O0C jWspnohlW7uccb/AIhBq6U0pOqf0wUCZwCw0bSi8jlBg8ReEngupG/wE2FkFQhVkVi97 HYRJLdCj36VoZaezKUB24dSQ+NqjRV9RxTVS2sPqHA12ywm1NcOUHHt6pSdKTlvozp3G ncs+UzQwqtlONco92q2rhUgIuu5InQAYM2gRtbguQJntuhMXAHE0fpwWrUqU1b8Sy3vg wh23saGt0CMCbo0ArEERuuIapU+F0RyiW4ViE7bKsNs9uoS8Do819XTDyJmWzq/LOBGa t+tQ== X-Forwarded-Encrypted: i=1; AJvYcCW7fo0v0VPzwQ6DrPprar9nkOcFgWuqbIrjMXlfQQ76+2XnEDJ90LXroFZnT8Tn0JtO7abPy+uCZuGHZE21@lists.postgresql.org X-Gm-Message-State: AOJu0YwUtELdz11Yojqi2LqR5XtNkwXmFiVjlRKwSUPMIVfQ5Favmh90 OMDmirwy0lU+N10fHEp8Zlrxczc4wAMwudq4cLjpXn4HaQli5UYyjLYS1ADKYua2oVLL6sU6RmU G86f5aMhBuZn3k6PFW0YlPZ5KI1rVEg== X-Gm-Gg: ASbGncu+5GAoppfIX+OSWt1cttNu9TfW81W+YPVh0ug1gHs45HyxLTcg9kiwFG17C4X 2LTAZLfuKxDo1VvnMilggdgyzSBqmfe0Jobq2K9ZdQn/IlLjFrXxDCjPF2MM89O9YfUk8O+Gmam gNy9Zy1f8KbV5IwaBWMsmnexCZ+OdIueivhY8= X-Google-Smtp-Source: AGHT+IH5LM3KN6ZkenhOwdIij0+P1TH3pAgOJ9xok9hYihTNdG1decq257d7pgQHf5TSmJLSA6RtQvqy9GOEKEk5nks= X-Received: by 2002:a05:6808:6a85:b0:3f6:a929:c428 with SMTP id 5614622812f47-401f27c784dmr1426009b6e.0.1745587593601; Fri, 25 Apr 2025 06:26:33 -0700 (PDT) MIME-Version: 1.0 References: <88804c921b425d37a3072b5698b558a763d80d63.camel@cybertec.at> In-Reply-To: From: Dominique Devienne Date: Fri, 25 Apr 2025 15:25:59 +0200 X-Gm-Features: ATxdqUEPQb1QvbRooMYt_UXGs4ZFOohn_3ICygUbpNq2DbwaaUP21unXdZws6v8 Message-ID: Subject: Re: Clarification on RLS policy To: Vydehi Ganti Cc: Laurenz Albe , pgsql-general@lists.postgresql.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, Apr 25, 2025 at 3:21=E2=80=AFPM Vydehi Ganti w= rote: > So I don't have a possibility to append where clause dynamically and can = only check the boolean? Indeed. But given that you can run arbitrary SQL inside the function, even dynamic SQL, that ends up pretty much the same. And you have access to in-row values too, when calling the function. It's just a different design, that's all. --DD