| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Marc Munro <marc(at)bloodnok(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: policies and extensions |
| Date: | 2020-02-18 17:30:35 |
| Message-ID: | 6568.1582047035@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Marc Munro <marc(at)bloodnok(dot)com> writes:
> On Mon, 2020-02-17 at 22:48 -0500, Tom Lane wrote:
>> An RLS policy is a table "subsidiary object" so it only depends indirectly
>> on the extension that owns the table.
> Yep, I get that, and I see the dependency chain in the catalog.
> However an extension can create the table with or without the policy,
> and a table created by an extension without policy can later have a
> policy added, and, unless I'm missing something, the same dependency
> chain exists in either case.
> This means that I cannot tell whether the policy was added by the
> extension or not.
I can't get very excited about that, since the same argument could be
made about triggers, indexes, or rules attached to a table, but no
one has yet complained about those cases. It's fairly hard to see the
use-case where it matters, anyway. If you're attaching policies to
tables owned by an extension after-the-fact, you're modifying the
definition of an extension-owned object, which is at best really poor
practice. We say up-front that you cannot expect the extension
mechanism to track the effects of such changes.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nagaraj Raj | 2020-02-18 17:46:28 | DB running out of memory issues after upgrade |
| Previous Message | Marc Munro | 2020-02-18 16:53:06 | Re: policies and extensions |