Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e4ZYi-0001Tc-JV for pgsql-performance@arkaria.postgresql.org; Tue, 17 Oct 2017 21:37:56 +0000 Received: from localhost ([127.0.0.1] helo=postgresql.org) by malur.postgresql.org with smtp (Exim 4.84_2) (envelope-from ) id 1e4ZYi-00005i-04 for pgsql-performance@arkaria.postgresql.org; Tue, 17 Oct 2017 21:37:56 +0000 Received: from makus.postgresql.org ([2001:4800:1501:1::229]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1e4ZWw-0005CR-AA for pgsql-performance@postgresql.org; Tue, 17 Oct 2017 21:36:06 +0000 Received: from mail-wm0-x230.google.com ([2a00:1450:400c:c09::230]) by makus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.84_2) (envelope-from ) id 1e4ZWt-0004gU-Ax for pgsql-performance@postgresql.org; Tue, 17 Oct 2017 21:36:04 +0000 Received: by mail-wm0-x230.google.com with SMTP id q132so6518813wmd.2 for ; Tue, 17 Oct 2017 14:36:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=2ndquadrant-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=16o5YI2pO+vJ3oQ9J36FjZa5hhD9yYv0RwCi+hIvasc=; b=n99FFf96T4k9292ZLlaGl+c/X65zc/Xw01RVnGhT52SFgv7daekArT17zqLf28Yluj XzX8Ya+If2fnz4gfgd2C6wusvSPja1jn58KQrne/wJOca+TA95CuG+39LkUmdQshzUuf XxTe+VF+Cmpm/v6eN20bxVhlVJ7SsTX1mKykGwzX9uvq9Mgm+eCIQIO2CIrrpp4OaOXK sPWn/VoBpZG0hfml4qJ8hhllR4eY9XmPALi+L1Rzr3kbOpO3aFdGhISoJEzlPH/soLY3 J8rWZTA7T3H3VtrlIWUtQVeJQs0NUcgHjrjpK6nDviLP0jSYAVPc/JxrN6cSVAzXic+l 9N1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=16o5YI2pO+vJ3oQ9J36FjZa5hhD9yYv0RwCi+hIvasc=; b=qMgIVOu9aZZVvnoCc4icFGtgyZ6nfvRZjTmgbex93ukceZtH6r9OZAB1Qkopw3XkeS 54YMgltsalhj/p1tltyKqG51YrhN1e/kwIcbp8SQFrWP5LgE+VuHSAsVovJvkPIg8GM9 rULkOyPewrrO5Pgs9pgN8a9OporOcaGoBtDy0qg+kaGhW2C8U7gzDJxOS942XmfgjyOh 6XyX1cei8/Qq7TR2eUZWAM48RTC467YYGtIxYZuij72A27pSNNkof/b3Tjn06Q9myqSe l3k/bJgkq/4zwr1KhEKvxWqNvROPekC1tyMN9kxORMKoHOiPiI5A2Bgip92kMqwrUYH9 n2Kw== X-Gm-Message-State: AMCzsaU6TYSbTa9+sI6l1eykN8I4LvK6+GjNm2VUjBdYKaMYsa7q/ryI JDKwzfbvacj6BPp0lKFF7LmrTE6oxgzddxXyuF2tMbzYsAt3/TJukDiMFssX7rhT82bjXqWOVsY 50Q5ZZLlQ+2MAki7SJOIasRum5XJnkHWIMzJl9u/e22DsimwxkqyGmAsDfqQmw9jM6vMFCodQIb aYOB/8QtuDbB32SQ== X-Google-Smtp-Source: ABhQp+TqZnhM3gtK109IhXJdidCoGkFp1Fmg/3gPq1T2L88pBwyHcisGuR/l+FB0UjhUdwOuSKagfg== X-Received: by 10.28.9.197 with SMTP id 188mr4128325wmj.20.1508276160849; Tue, 17 Oct 2017 14:36:00 -0700 (PDT) Received: from [10.137.2.19] (ip-78-102-97-226.net.upcbroadband.cz. [78.102.97.226]) by smtp.gmail.com with ESMTPSA id e196sm23872941wmf.9.2017.10.17.14.35.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Oct 2017 14:36:00 -0700 (PDT) Subject: Re: Row level security policy policy versus SQL constraints. Any performance difference? To: Joe Carlson , pgsql-performance@postgresql.org References: <59E66BA8.6060009@lbl.gov> From: Tomas Vondra Message-ID: <993c32d2-1389-66aa-1368-ca44de370a3a@2ndquadrant.com> Date: Tue, 17 Oct 2017 23:35:58 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <59E66BA8.6060009@lbl.gov> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit List-Archive: List-Help: List-ID: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mailing-List: pgsql-performance Precedence: bulk Sender: pgsql-performance-owner@postgresql.org Hi, On 10/17/2017 10:44 PM, Joe Carlson wrote: > Hello. > > I have not used row level security policies in the past but am > considering using them for a project in which I would like to restrict > the set returned in a query based on specific fields. This is more as a > convenience issue (for me) rather than a security issue. > > What I was wondering is what is the performance differences between a > row level security implementation: > > CREATE POLICY ON TO USING > (=ANY()); > > DROP POLICY > > and an implementation where I add on the constraints as part of each > select statement: > > SELECT FROM
WHERE AND > =ANY() > > In my (admittedly small) number of EXPLAINs I've looked at, it appears > that the policy logic is added to the SELECT statement as a constraint. > So I would not expect any fundamental performance difference in the 2 > different forms. > > Is this true? Or is there some extra behind-the-scenes things to be > aware of? Can there be excessive overhead from the CREATE/DROP POLICY > statements? > The main point of the RLS is enforcing an order in which the conditions are evaluated. That is, the "security" quals (coming from RLS policies) have to be evaluated first, before any quals that might leak information about the values (imagine a custom PL/pgSQL function inserting the data somewhere, or perhaps just printing debug messages). (Many built-in operators are however exempt from that, as we consider them leak-proof. This allows us to use non-RLS conditions for index scans etc. which might be impossible otherwise) Otherwise yes - it's pretty much the same as if you combine the conditions using AND. It's "just" much more convenient approach. regards -- Tomas Vondra http://www.2ndQuadrant.com PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-performance mailing list (pgsql-performance@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-performance