public inbox for [email protected]
help / color / mirror / Atom feedFrom: Joe Carlson <[email protected]>
To: Tom Lane <[email protected]>
To: Tomas Vondra <[email protected]>
Cc: [email protected]
Subject: Re: Row level security policy policy versus SQL constraints. Any performance difference?
Date: Tue, 17 Oct 2017 15:18:49 -0700
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
List-Unsubscribe: <mailto:[email protected]?body=unsub%20pgsql-performance>
Thanks for your suggestions.
I had pretty much given up on this idea. At first, I had thought there
would only be 2 or 3 different constraint cases to consider. I had
thought of using distinct credentials for my connection and using RLS to
give different cuts on the same table. The different policies could be
established in advance and never touched.
But then it became clear that I actually would need a very large number
of different restrictions on the tables - too many to create in advance.
At this point it's easiest to apply constraints on each select rather
than apply a policy every time.
Thanks,
Joe
On 10/17/2017 03:06 PM, Tom Lane wrote:
> Tomas Vondra <[email protected]> writes:
>> On 10/17/2017 10:44 PM, Joe Carlson wrote:
>>> What I was wondering is what is the performance differences between a
>>> row level security implementation:
>>> ...
>>> and an implementation where I add on the constraints as part of each
>>> select statement:
>> The main point of the RLS is enforcing an order in which the conditions
>> are evaluated.
> Yeah. Because of that, I would *not* recommend RLS if you can equally
> well stick the equivalent conditions into your queries. There is way
> too much risk of taking a serious performance hit due to a bad plan.
>
> An alternative you might consider, if simplifying the input queries
> is useful, is to put the fixed conditions into a view and query the
> view instead. That way there's not an enforced evaluation order.
>
> regards, tom lane
--
Sent via pgsql-performance mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Row level security policy policy versus SQL constraints. Any performance difference?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox