| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Alastair McKinley <a(dot)mckinley(at)analyticsengines(dot)com> |
| Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Index selection issues with RLS using expressions |
| Date: | 2020-03-31 19:18:22 |
| Message-ID: | 23829.1585682302@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Alastair McKinley <a(dot)mckinley(at)analyticsengines(dot)com> writes:
> I am running in to an issue with RLS and index selection in my queries. I created a toy example to try to illustrate the issue below. Postgres version is PostgreSQL 12.2 (Debian 12.2-2.pgdg100+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit.
> Is there some subtle reason as to why the role "new_user" cannot seem to generate a query plan that uses the gin index?
The && operator is not marked leakproof, so it can't be applied till
after the RLS filter, making an indexscan with it impossible when
RLS is active.
Perhaps arrayoverlap() itself could be proven leakproof, but the
underlying type-specific equality operator might or might not be.
We don't have enough infrastructure to handle indirect leakproofness
requirements like that, so you lose :-(
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Bernstein | 2020-03-31 19:49:11 | keeping images in a bytea field on AWS RDS |
| Previous Message | Alastair McKinley | 2020-03-31 18:53:24 | Index selection issues with RLS using expressions |