Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtp (Exim 4.84_2)
	(envelope-from
 <pgsql-performance-owner+M55538=pgsql-performance-ar@postgresql.org>)
	id 1e4a0k-0002rg-F3
	for pgsql-performance@arkaria.postgresql.org; Tue, 17 Oct 2017 22:06:54 +0000
Received: from localhost ([127.0.0.1] helo=postgresql.org)
	by malur.postgresql.org with smtp (Exim 4.84_2)
	(envelope-from
 <pgsql-performance-owner+M55538=pgsql-performance-ar@postgresql.org>)
	id 1e4a0k-0002Ip-1s
	for pgsql-performance@arkaria.postgresql.org; Tue, 17 Oct 2017 22:06:54 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.84_2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1e4a0i-0002Ab-CZ
	for pgsql-performance@postgresql.org; Tue, 17 Oct 2017 22:06:52 +0000
Received: from sss.pgh.pa.us ([66.207.139.130])
	by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.84_2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1e4a0f-0008Jm-FF
	for pgsql-performance@postgresql.org; Tue, 17 Oct 2017 22:06:51 +0000
Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1])
	by sss.pgh.pa.us (8.14.4/8.14.4) with ESMTP id v9HM6iIW014731;
	Tue, 17 Oct 2017 18:06:44 -0400
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Tomas Vondra <tomas.vondra@2ndquadrant.com>
cc: Joe Carlson <jwcarlson@lbl.gov>, pgsql-performance@postgresql.org
Subject: Re: Row level security policy policy versus SQL constraints. Any
 performance difference?
In-reply-to: <993c32d2-1389-66aa-1368-ca44de370a3a@2ndquadrant.com>
References: <59E66BA8.6060009@lbl.gov>
 <993c32d2-1389-66aa-1368-ca44de370a3a@2ndquadrant.com>
Comments: In-reply-to Tomas Vondra <tomas.vondra@2ndquadrant.com>
	message dated "Tue, 17 Oct 2017 23:35:58 +0200"
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <14729.1508278004.1@sss.pgh.pa.us>
Date: Tue, 17 Oct 2017 18:06:44 -0400
Message-ID: <14730.1508278004@sss.pgh.pa.us>
List-Archive: <http://archives.postgresql.org/pgsql-performance>
List-Help: <mailto:majordomo@postgresql.org?body=help>
List-ID: <pgsql-performance.postgresql.org>
List-Owner: <mailto:pgsql-performance-owner@postgresql.org>
List-Post: <mailto:pgsql-performance@postgresql.org>
List-Subscribe: <mailto:majordomo@postgresql.org?body=sub%20pgsql-performance>
List-Unsubscribe: 
 <mailto:majordomo@postgresql.org?body=unsub%20pgsql-performance>
X-Mailing-List: pgsql-performance
Precedence: bulk
Sender: pgsql-performance-owner@postgresql.org

Tomas Vondra <tomas.vondra@2ndquadrant.com> writes:
> On 10/17/2017 10:44 PM, Joe Carlson wrote:
>> What I was wondering is what is the performance differences between a
>> row level security implementation:
>> ...
>> and an implementation where I add on the constraints as part of each
>> select statement:

> The main point of the RLS is enforcing an order in which the conditions
> are evaluated.

Yeah.  Because of that, I would *not* recommend RLS if you can equally
well stick the equivalent conditions into your queries.  There is way
too much risk of taking a serious performance hit due to a bad plan.

An alternative you might consider, if simplifying the input queries
is useful, is to put the fixed conditions into a view and query the
view instead.  That way there's not an enforced evaluation order.

			regards, tom lane


-- 
Sent via pgsql-performance mailing list (pgsql-performance@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance