David, * David R. Pike (david.pike@xxxxxxxxxxxxxxxxxxx) wrote: > From what I can understand the RLS implementation strives to execute policy checks before user provided predicate checks so as to avoid leaking protected data. Is there any way to make the join look "safe" to the optimizer to avoid full table scans? Isn't this a common scenario? You can use a security barrier view which is owned by the same user that the tables underneath are owned by, that will bypass RLS on the tables themselves and therefore you'll need to implement the appropriate quals in the security barrier view. As Tom mentions, we're working to improve RLS optimization as well. As is pretty common with various features, the initial implementation provides the functionality but perhaps isn't as performant as one might like, and then we iterate and improve it in the subsequent releases. Thanks! Stephen
Attachment:
signature.asc
Description: Digital signature
