| blob | 7ff39ae8c67dd085ad896e269132fcb40f63cf61 |
1 <!-- doc/src/sgml/ddl.sgml -->
6 <para>
7 This chapter covers how one creates the database structures that
8 will hold one's data. In a relational database, the raw data is
9 stored in tables, so the majority of this chapter is devoted to
10 explaining how tables are created and modified and what features are
11 available to control what data is stored in the tables.
12 Subsequently, we discuss how tables can be organized into
13 schemas, and how privileges can be assigned to tables. Finally,
14 we will briefly look at other features that affect the data storage,
15 such as inheritance, table partitioning, views, functions, and
16 triggers.
17 </para>
24 </indexterm>
26 <indexterm>
28 </indexterm>
30 <indexterm>
32 </indexterm>
34 <para>
35 A table in a relational database is much like a table on paper: It
36 consists of rows and columns. The number and order of the columns
37 is fixed, and each column has a name. The number of rows is
38 variable — it reflects how much data is stored at a given moment.
39 SQL does not make any guarantees about the order of the rows in a
40 table. When a table is read, the rows will appear in an unspecified order,
41 unless sorting is explicitly requested. This is covered in <xref
43 identifiers to rows, so it is possible to have several completely
44 identical rows in a table. This is a consequence of the
45 mathematical model that underlies SQL but is usually not desirable.
46 Later in this chapter we will see how to deal with this issue.
47 </para>
49 <para>
50 Each column has a data type. The data type constrains the set of
51 possible values that can be assigned to a column and assigns
52 semantics to the data stored in the column so that it can be used
53 for computations. For instance, a column declared to be of a
54 numerical type will not accept arbitrary text strings, and the data
55 stored in such a column can be used for mathematical computations.
56 By contrast, a column declared to be of a character string type
57 will accept almost any kind of data but it does not lend itself to
58 mathematical calculations, although other operations such as string
59 concatenation are available.
60 </para>
62 <para>
64 built-in data types that fit many applications. Users can also
65 define their own data types. Most built-in data types have obvious
66 names and semantics, so we defer a detailed explanation to <xref
72 containing both date and time.
73 </para>
75 <indexterm>
78 </indexterm>
80 <para>
81 To create a table, you use the aptly named <xref
83 In this command you specify at least a name for the new table, the
84 names of the columns and the data type of each column. For
85 example:
86 <programlisting>
87 CREATE TABLE my_first_table (
88 first_column text,
89 second_column integer
90 );
91 </programlisting>
93 two columns. The first column is named
97 The table and column names follow the identifier syntax explained
99 usually also identifiers, but there are some exceptions. Note that the
100 column list is comma-separated and surrounded by parentheses.
101 </para>
103 <para>
104 Of course, the previous example was heavily contrived. Normally,
105 you would give names to your tables and columns that convey what
106 kind of data they store. So let's look at a more realistic
107 example:
108 <programlisting>
109 CREATE TABLE products (
110 product_no integer,
111 name text,
112 price numeric
113 );
114 </programlisting>
116 would be typical of monetary amounts.)
117 </para>
119 <tip>
120 <para>
121 When you create many interrelated tables it is wise to choose a
122 consistent naming pattern for the tables and columns. For
123 instance, there is a choice of using singular or plural nouns for
124 table names, both of which are favored by some theorist or other.
125 </para>
126 </tip>
128 <para>
129 There is a limit on how many columns a table can contain.
131 However, defining a table with anywhere near this many columns is
132 highly unusual and often a questionable design.
133 </para>
135 <indexterm>
138 </indexterm>
140 <para>
141 If you no longer need a table, you can remove it using the <xref
143 For example:
144 <programlisting>
145 DROP TABLE my_first_table;
146 DROP TABLE products;
147 </programlisting>
148 Attempting to drop a table that does not exist is an error.
149 Nevertheless, it is common in SQL script files to unconditionally
150 try to drop each table before creating it, ignoring any error
151 messages, so that the script works whether or not the table exists.
153 to avoid the error messages, but this is not standard SQL.)
154 </para>
156 <para>
157 If you need to modify a table that already exists, see <xref
159 </para>
161 <para>
162 With the tools discussed so far you can create fully functional
163 tables. The remainder of this chapter is concerned with adding
164 features to the table definition to ensure data integrity,
165 security, or convenience. If you are eager to fill your tables with
167 rest of this chapter later.
168 </para>
169 </sect1>
176 </indexterm>
178 <para>
179 A column can be assigned a default value. When a new row is
180 created and no values are specified for some of the columns, those
181 columns will be filled with their respective default values. A
182 data manipulation command can also request explicitly that a column
183 be set to its default value, without having to know what that value is.
185 </para>
187 <para>
189 If no default value is declared explicitly, the default value is the
190 null value. This usually makes sense because a null value can
191 be considered to represent unknown data.
192 </para>
194 <para>
195 In a table definition, default values are listed after the column
196 data type. For example:
197 <programlisting>
198 CREATE TABLE products (
199 product_no integer,
200 name text,
202 );
203 </programlisting>
204 </para>
206 <para>
207 The default value can be an expression, which will be
208 evaluated whenever the default value is inserted
210 is for a <type>timestamp</type> column to have a default of <literal>CURRENT_TIMESTAMP</literal>,
211 so that it gets set to the time of row insertion. Another common
214 something like:
215 <programlisting>
216 CREATE TABLE products (
218 ...
219 );
220 </programlisting>
224 that there's a special shorthand for it:
225 <programlisting>
226 CREATE TABLE products (
228 ...
229 );
230 </programlisting>
233 </para>
234 </sect1>
241 </indexterm>
243 <para>
244 An identity column is a special column that is generated automatically from
245 an implicit sequence. It can be used to generate key values.
246 </para>
248 <para>
249 To create an identity column, use the <literal>GENERATED ...
251 <programlisting>
252 CREATE TABLE people (
254 ...,
255 );
256 </programlisting>
257 or alternatively
258 <programlisting>
259 CREATE TABLE people (
261 ...,
262 );
263 </programlisting>
265 </para>
267 <para>
269 identity column and no value is explicitly specified for the identity
270 column, then a value generated by the implicit sequence is inserted. For
271 example, with the above definitions and assuming additional appropriate
272 columns, writing
273 <programlisting>
274 INSERT INTO people (name, address) VALUES ('A', 'foo');
275 INSERT INTO people (name, address) VALUES ('B', 'bar');
276 </programlisting>
278 and result in the following table data:
279 <screen>
280 id | name | address
281 ----+------+---------
282 1 | A | foo
283 2 | B | bar
284 </screen>
286 place of a value to explicitly request the sequence-generated value, like
287 <programlisting>
289 </programlisting>
292 </para>
294 <para>
295 Thus, in many ways, an identity column behaves like a column with a default
296 value.
297 </para>
299 <para>
301 the column definition determine how explicitly user-specified values are
307 DEFAULT</literal> is selected, then the user-specified value takes
309 behavior more similar to default values, where the default value can be
311 some more protection against accidentally inserting an explicit value.
312 </para>
314 <para>
315 The data type of an identity column must be one of the data types supported
317 of the associated sequence may be specified when creating an identity
320 </para>
322 <para>
324 An identity column, however, does not guarantee uniqueness. (A sequence
325 normally returns unique values, but a sequence could be reset, or values
326 could be inserted manually into the identity column, as discussed above.)
329 </para>
331 <para>
332 In table inheritance hierarchies, identity columns and their properties in
333 a child table are independent of those in its parent tables. A child table
334 does not inherit identity columns or their properties automatically from
336 a column is treated as an identity column if that column is an identity
337 column in the table named in the statement, and the corresponding identity
338 properties are applied.
339 </para>
341 <para>
342 Partitions inherit identity columns from the partitioned table. They
343 cannot have their own identity columns. The properties of a given identity
344 column are consistent across all the partitions in the partition hierarchy.
345 </para>
346 </sect1>
353 </indexterm>
355 <para>
356 A generated column is a special column that is always computed from other
357 columns. Thus, it is for columns what a view is for tables. There are two
358 kinds of generated columns: stored and virtual. A stored generated column
359 is computed when it is written (inserted or updated) and occupies storage
360 as if it were a normal column. A virtual generated column occupies no
361 storage and is computed when it is read. Thus, a virtual generated column
362 is similar to a view and a stored generated column is similar to a
363 materialized view (except that it is always updated automatically).
365 </para>
367 <para>
368 To create a generated column, use the <literal>GENERATED ALWAYS
370 <programlisting>
371 CREATE TABLE people (
372 ...,
373 height_cm numeric,
375 );
376 </programlisting>
379 more details.
380 </para>
382 <para>
383 A generated column cannot be written to directly. In
385 cannot be specified for a generated column, but the keyword
387 </para>
389 <para>
390 Consider the differences between a column with a default and a generated
391 column. The column default is evaluated once when the row is first
392 inserted if no other value was provided; a generated column is updated
393 whenever the row changes and cannot be overridden. A column default may
394 not refer to other columns of the table; a generation expression would
395 normally do so. A column default can use volatile functions, for example
397 this is not allowed for generated columns.
398 </para>
400 <para>
401 Several restrictions apply to the definition of generated columns and
402 tables involving generated columns:
404 <itemizedlist>
405 <listitem>
406 <para>
407 The generation expression can only use immutable functions and cannot
408 use subqueries or reference anything other than the current row in any
409 way.
410 </para>
411 </listitem>
412 <listitem>
413 <para>
414 A generation expression cannot reference another generated column.
415 </para>
416 </listitem>
417 <listitem>
418 <para>
419 A generation expression cannot reference a system column, except
421 </para>
422 </listitem>
423 <listitem>
424 <para>
425 A generated column cannot have a column default or an identity definition.
426 </para>
427 </listitem>
428 <listitem>
429 <para>
430 A generated column cannot be part of a partition key.
431 </para>
432 </listitem>
433 <listitem>
434 <para>
435 Foreign tables can have generated columns. See <xref
437 </para>
438 </listitem>
439 <listitem>
441 <itemizedlist>
442 <listitem>
443 <para>
444 If a parent column is a generated column, its child column must also
445 be a generated column; however, the child column can have a
446 different generation expression. The generation expression that is
447 actually applied during insert or update of a row is the one
448 associated with the table that the row is physically in.
449 (This is unlike the behavior for column defaults: for those, the
450 default value associated with the table named in the query applies.)
451 </para>
452 </listitem>
453 <listitem>
454 <para>
455 If a parent column is not a generated column, its child column must
456 not be generated either.
457 </para>
458 </listitem>
459 <listitem>
460 <para>
461 For inherited tables, if you write a child column definition without
464 will automatically be copied from the parent. <command>ALTER TABLE
465 ... INHERIT</command> will insist that parent and child columns
466 already match as to generation status, but it will not require their
467 generation expressions to match.
468 </para>
469 </listitem>
470 <listitem>
471 <para>
472 Similarly for partitioned tables, if you write a child column
477 will insist that parent and child columns already match as to
478 generation status, but it will not require their generation
479 expressions to match.
480 </para>
481 </listitem>
482 <listitem>
483 <para>
484 In case of multiple inheritance, if one parent column is a generated
485 column, then all parent columns must be generated columns. If they
486 do not all have the same generation expression, then the desired
487 expression for the child must be specified explicitly.
488 </para>
489 </listitem>
490 </itemizedlist>
491 </listitem>
492 </itemizedlist>
493 </para>
495 <para>
496 Additional considerations apply to the use of generated columns.
497 <itemizedlist>
498 <listitem>
499 <para>
500 Generated columns maintain access privileges separately from their
501 underlying base columns. So, it is possible to arrange it so that a
502 particular role can read from a generated column but not from the
503 underlying base columns.
504 </para>
505 </listitem>
506 <listitem>
507 <para>
508 Generated columns are, conceptually, updated after
511 generated columns. But conversely, it is not allowed to access
513 </para>
514 </listitem>
515 <listitem>
516 <para>
517 Generated columns are allowed to be replicated during logical replication
523 </para>
524 </listitem>
525 </itemizedlist>
526 </para>
527 </sect1>
534 </indexterm>
536 <para>
537 Data types are a way to limit the kind of data that can be stored
538 in a table. For many applications, however, the constraint they
539 provide is too coarse. For example, a column containing a product
540 price should probably only accept positive values. But there is no
541 standard data type that accepts only positive numbers. Another issue is
542 that you might want to constrain column data with respect to other
543 columns or rows. For example, in a table containing product
544 information, there should be only one row for each product number.
545 </para>
547 <para>
548 To that end, SQL allows you to define constraints on columns and
549 tables. Constraints give you as much control over the data in your
550 tables as you wish. If a user attempts to store data in a column
551 that would violate a constraint, an error is raised. This applies
552 even if the value came from the default value definition.
553 </para>
558 <indexterm>
560 </indexterm>
562 <indexterm>
565 </indexterm>
567 <para>
568 A check constraint is the most generic constraint type. It allows
569 you to specify that the value in a certain column must satisfy a
570 Boolean (truth-value) expression. For instance, to require positive
571 product prices, you could use:
572 <programlisting>
573 CREATE TABLE products (
574 product_no integer,
575 name text,
577 );
578 </programlisting>
579 </para>
581 <para>
582 As you see, the constraint definition comes after the data type,
583 just like default value definitions. Default values and
584 constraints can be listed in any order. A check constraint
586 expression in parentheses. The check constraint expression should
587 involve the column thus constrained, otherwise the constraint
588 would not make too much sense.
589 </para>
591 <indexterm>
594 </indexterm>
596 <para>
597 You can also give the constraint a separate name. This clarifies
598 error messages and allows you to refer to the constraint when you
599 need to change it. The syntax is:
600 <programlisting>
601 CREATE TABLE products (
602 product_no integer,
603 name text,
605 );
606 </programlisting>
607 So, to specify a named constraint, use the key word
609 by the constraint definition. (If you don't specify a constraint
610 name in this way, the system chooses a name for you.)
611 </para>
613 <para>
614 A check constraint can also refer to several columns. Say you
615 store a regular price and a discounted price, and you want to
616 ensure that the discounted price is lower than the regular price:
617 <programlisting>
618 CREATE TABLE products (
619 product_no integer,
620 name text,
624 );
625 </programlisting>
626 </para>
628 <para>
629 The first two constraints should look familiar. The third one
630 uses a new syntax. It is not attached to a particular column,
631 instead it appears as a separate item in the comma-separated
632 column list. Column definitions and these constraint
633 definitions can be listed in mixed order.
634 </para>
636 <para>
637 We say that the first two constraints are column constraints, whereas the
638 third one is a table constraint because it is written separately
639 from any one column definition. Column constraints can also be
640 written as table constraints, while the reverse is not necessarily
641 possible, since a column constraint is supposed to refer to only the
643 enforce that rule, but you should follow it if you want your table
644 definitions to work with other database systems.) The above example could
645 also be written as:
646 <programlisting>
647 CREATE TABLE products (
648 product_no integer,
649 name text,
650 price numeric,
652 discounted_price numeric,
654 CHECK (price > discounted_price)
655 );
656 </programlisting>
657 or even:
658 <programlisting>
659 CREATE TABLE products (
660 product_no integer,
661 name text,
663 discounted_price numeric,
665 );
666 </programlisting>
667 It's a matter of taste.
668 </para>
670 <para>
671 Names can be assigned to table constraints in the same way as
672 column constraints:
673 <programlisting>
674 CREATE TABLE products (
675 product_no integer,
676 name text,
677 price numeric,
679 discounted_price numeric,
682 );
683 </programlisting>
684 </para>
686 <indexterm>
689 </indexterm>
691 <para>
692 It should be noted that a check constraint is satisfied if the
693 check expression evaluates to true or the null value. Since most
694 expressions will evaluate to the null value if any operand is null,
695 they will not prevent null values in the constrained columns. To
696 ensure that a column does not contain null values, the not-null
697 constraint described in the next section can be used.
698 </para>
700 <note>
701 <para>
705 constraint that violates this rule may appear to work in simple
706 tests, it cannot guarantee that the database will not reach a state
707 in which the constraint condition is false (due to subsequent changes
708 of the other row(s) involved). This would cause a database dump and
709 restore to fail. The restore could fail even when the complete
710 database state is consistent with the constraint, due to rows not
711 being loaded in an order that will satisfy the constraint. If
714 cross-row and cross-table restrictions.
715 </para>
717 <para>
718 If what you desire is a one-time check against other rows at row
719 insertion, rather than a continuously-maintained consistency
721 to implement that. (This approach avoids the dump/restore problem because
723 restoring data, so that the check will not be enforced during a
724 dump/restore.)
725 </para>
726 </note>
728 <note>
729 <para>
732 is, they will always give the same result for the same input row.
734 constraints only when rows are inserted or updated, and not at other
735 times. (The warning above about not referencing other table data is
736 really a special case of this restriction.)
737 </para>
739 <para>
740 An example of a common way to break this assumption is to reference a
742 then change the behavior of that
744 that, but it will not notice if there are rows in the table that now
746 subsequent database dump and restore to fail.
747 The recommended way to handle such a change is to drop the constraint
749 and re-add the constraint, thereby rechecking it against all table rows.
750 </para>
751 </note>
752 </sect2>
757 <indexterm>
759 </indexterm>
761 <indexterm>
764 </indexterm>
766 <para>
767 A not-null constraint simply specifies that a column must not
768 assume the null value. A syntax example:
769 <programlisting>
770 CREATE TABLE products (
773 price numeric
774 );
775 </programlisting>
776 An explicit constraint name can also be specified, for example:
777 <programlisting>
778 CREATE TABLE products (
779 product_no integer NOT NULL,
781 price numeric
782 );
783 </programlisting>
784 </para>
786 <para>
787 A not-null constraint is usually written as a column constraint. The
788 syntax for writing it as a table constraint is
789 <programlisting>
790 CREATE TABLE products (
791 product_no integer,
792 name text,
793 price numeric,
796 );
797 </programlisting>
798 But this syntax is not standard and mainly intended for use by
800 </para>
802 <para>
803 A not-null constraint is functionally equivalent to creating a check
805 IS NOT NULL)</literal>, but in
807 not-null constraint is more efficient.
808 </para>
810 <para>
811 Of course, a column can have more than one constraint. Just write
812 the constraints one after another:
813 <programlisting>
814 CREATE TABLE products (
815 product_no integer NOT NULL,
816 name text NOT NULL,
818 );
819 </programlisting>
820 The order doesn't matter. It does not necessarily determine in which
821 order the constraints are checked.
822 </para>
824 <para>
825 However, a column can have at most one explicit not-null constraint.
826 </para>
828 <para>
831 column must be null, which would surely be useless. Instead, this
832 simply selects the default behavior that the column might be null.
834 standard and should not be used in portable applications. (It was
836 compatible with some other database systems.) Some users, however,
837 like it because it makes it easy to toggle the constraint in a
838 script file. For example, you could start with:
839 <programlisting>
840 CREATE TABLE products (
841 product_no integer NULL,
842 name text NULL,
843 price numeric NULL
844 );
845 </programlisting>
847 </para>
849 <tip>
850 <para>
851 In most database designs the majority of columns should be marked
852 not null.
853 </para>
854 </tip>
855 </sect2>
860 <indexterm>
862 </indexterm>
864 <indexterm>
867 </indexterm>
869 <para>
870 Unique constraints ensure that the data contained in a column, or a
871 group of columns, is unique among all the rows in the
872 table. The syntax is:
873 <programlisting>
874 CREATE TABLE products (
876 name text,
877 price numeric
878 );
879 </programlisting>
880 when written as a column constraint, and:
881 <programlisting>
882 CREATE TABLE products (
883 product_no integer,
884 name text,
885 price numeric,
887 );
888 </programlisting>
889 when written as a table constraint.
890 </para>
892 <para>
893 To define a unique constraint for a group of columns, write it as a
894 table constraint with the column names separated by commas:
895 <programlisting>
896 CREATE TABLE example (
897 a integer,
898 b integer,
899 c integer,
901 );
902 </programlisting>
903 This specifies that the combination of values in the indicated columns
904 is unique across the whole table, though any one of the columns
905 need not be (and ordinarily isn't) unique.
906 </para>
908 <para>
909 You can assign your own name for a unique constraint, in the usual way:
910 <programlisting>
911 CREATE TABLE products (
913 name text,
914 price numeric
915 );
916 </programlisting>
917 </para>
919 <para>
920 Adding a unique constraint will automatically create a unique B-tree
921 index on the column or group of columns listed in the constraint.
922 A uniqueness restriction covering only some rows cannot be written as
923 a unique constraint, but it is possible to enforce such a restriction by
925 </para>
927 <indexterm>
930 </indexterm>
932 <para>
933 In general, a unique constraint is violated if there is more than
934 one row in the table where the values of all of the
935 columns included in the constraint are equal.
936 By default, two null values are not considered equal in this
937 comparison. That means even in the presence of a
938 unique constraint it is possible to store duplicate
939 rows that contain a null value in at least one of the constrained
940 columns. This behavior can be changed by adding the clause <literal>NULLS
941 NOT DISTINCT</literal>, like
942 <programlisting>
943 CREATE TABLE products (
945 name text,
946 price numeric
947 );
948 </programlisting>
949 or
950 <programlisting>
951 CREATE TABLE products (
952 product_no integer,
953 name text,
954 price numeric,
956 );
957 </programlisting>
958 The default behavior can be specified explicitly using <literal>NULLS
959 DISTINCT</literal>. The default null treatment in unique constraints is
960 implementation-defined according to the SQL standard, and other
961 implementations have a different behavior. So be careful when developing
962 applications that are intended to be portable.
963 </para>
964 </sect2>
969 <indexterm>
971 </indexterm>
973 <indexterm>
976 </indexterm>
978 <para>
979 A primary key constraint indicates that a column, or group of columns,
980 can be used as a unique identifier for rows in the table. This
981 requires that the values be both unique and not null. So, the following
982 two table definitions accept the same data:
983 <programlisting>
984 CREATE TABLE products (
985 product_no integer UNIQUE NOT NULL,
986 name text,
987 price numeric
988 );
989 </programlisting>
991 <programlisting>
992 CREATE TABLE products (
994 name text,
995 price numeric
996 );
997 </programlisting>
998 </para>
1000 <para>
1001 Primary keys can span more than one column; the syntax
1002 is similar to unique constraints:
1003 <programlisting>
1004 CREATE TABLE example (
1005 a integer,
1006 b integer,
1007 c integer,
1009 );
1010 </programlisting>
1011 </para>
1013 <para>
1014 Adding a primary key will automatically create a unique B-tree index
1015 on the column or group of columns listed in the primary key, and will
1017 </para>
1019 <para>
1020 A table can have at most one primary key. (There can be any number
1021 of unique constraints, which combined with not-null constraints are functionally almost the
1022 same thing, but only one can be identified as the primary key.)
1023 Relational database theory
1024 dictates that every table must have a primary key. This rule is
1026 usually best to follow it.
1027 </para>
1029 <para>
1030 Primary keys are useful both for
1031 documentation purposes and for client applications. For example,
1032 a GUI application that allows modifying row values probably needs
1033 to know the primary key of a table to be able to identify rows
1034 uniquely. There are also various ways in which the database system
1035 makes use of a primary key if one has been declared; for example,
1036 the primary key defines the default target column(s) for foreign keys
1037 referencing its table.
1038 </para>
1039 </sect2>
1044 <indexterm>
1046 </indexterm>
1048 <indexterm>
1051 </indexterm>
1053 <indexterm>
1055 </indexterm>
1057 <para>
1058 A foreign key constraint specifies that the values in a column (or
1059 a group of columns) must match the values appearing in some row
1060 of another table.
1061 We say this maintains the <firstterm>referential
1062 integrity</firstterm> between two related tables.
1063 </para>
1065 <para>
1066 Say you have the product table that we have used several times already:
1067 <programlisting>
1068 CREATE TABLE products (
1069 product_no integer PRIMARY KEY,
1070 name text,
1071 price numeric
1072 );
1073 </programlisting>
1074 Let's also assume you have a table storing orders of those
1075 products. We want to ensure that the orders table only contains
1076 orders of products that actually exist. So we define a foreign
1077 key constraint in the orders table that references the products
1078 table:
1079 <programlisting>
1080 CREATE TABLE orders (
1081 order_id integer PRIMARY KEY,
1083 quantity integer
1084 );
1085 </programlisting>
1086 Now it is impossible to create orders with non-NULL
1088 products table.
1089 </para>
1091 <para>
1092 We say that in this situation the orders table is the
1095 referencing and referenced columns.
1096 </para>
1098 <para>
1099 You can also shorten the above command to:
1100 <programlisting>
1101 CREATE TABLE orders (
1102 order_id integer PRIMARY KEY,
1104 quantity integer
1105 );
1106 </programlisting>
1107 because in absence of a column list the primary key of the
1108 referenced table is used as the referenced column(s).
1109 </para>
1111 <para>
1112 You can assign your own name for a foreign key constraint,
1113 in the usual way.
1114 </para>
1116 <para>
1117 A foreign key can also constrain and reference a group of columns.
1118 As usual, it then needs to be written in table constraint form.
1119 Here is a contrived syntax example:
1120 <programlisting>
1121 CREATE TABLE t1 (
1122 a integer PRIMARY KEY,
1123 b integer,
1124 c integer,
1126 );
1127 </programlisting>
1128 Of course, the number and type of the constrained columns need to
1129 match the number and type of the referenced columns.
1130 </para>
1132 <indexterm>
1135 </indexterm>
1137 <para>
1139 foreign key constraint to be the same table; this is called
1141 example, if you want rows of a table to represent nodes of a tree
1142 structure, you could write
1143 <programlisting>
1144 CREATE TABLE tree (
1145 node_id integer PRIMARY KEY,
1146 parent_id integer REFERENCES tree,
1147 name text,
1148 ...
1149 );
1150 </programlisting>
1153 constrained to reference valid rows of the table.
1154 </para>
1156 <para>
1157 A table can have more than one foreign key constraint. This is
1158 used to implement many-to-many relationships between tables. Say
1159 you have tables about products and orders, but now you want to
1160 allow one order to contain possibly many products (which the
1161 structure above did not allow). You could use this table structure:
1162 <programlisting>
1163 CREATE TABLE products (
1164 product_no integer PRIMARY KEY,
1165 name text,
1166 price numeric
1167 );
1169 CREATE TABLE orders (
1170 order_id integer PRIMARY KEY,
1171 shipping_address text,
1172 ...
1173 );
1175 CREATE TABLE order_items (
1176 product_no integer REFERENCES products,
1177 order_id integer REFERENCES orders,
1178 quantity integer,
1179 PRIMARY KEY (product_no, order_id)
1180 );
1181 </programlisting>
1182 Notice that the primary key overlaps with the foreign keys in
1183 the last table.
1184 </para>
1186 <indexterm>
1189 </indexterm>
1191 <indexterm>
1194 </indexterm>
1196 <para>
1197 We know that the foreign keys disallow creation of orders that
1198 do not relate to any products. But what if a product is removed
1199 after an order is created that references it? SQL allows you to
1200 handle that as well. Intuitively, we have a few options:
1205 </itemizedlist>
1206 </para>
1208 <para>
1209 To illustrate this, let's implement the following policy on the
1210 many-to-many relationship example above: when someone wants to
1211 remove a product that is still referenced by an order (via
1213 removes an order, the order items are removed as well:
1214 <programlisting>
1215 CREATE TABLE products (
1216 product_no integer PRIMARY KEY,
1217 name text,
1218 price numeric
1219 );
1221 CREATE TABLE orders (
1222 order_id integer PRIMARY KEY,
1223 shipping_address text,
1224 ...
1225 );
1227 CREATE TABLE order_items (
1230 quantity integer,
1231 PRIMARY KEY (product_no, order_id)
1232 );
1233 </programlisting>
1234 </para>
1236 <para>
1238 ACTION</literal>; this does not need to be specified. This means that the
1239 deletion in the referenced table is allowed to proceed. But the
1240 foreign-key constraint is still required to be satisfied, so this
1241 operation will usually result in an error. But checking of foreign-key
1242 constraints can also be deferred to later in the transaction (not covered
1245 constraint is checked, for example by inserting another suitable row into
1246 the referenced table or by deleting the now-dangling rows from the
1247 referencing table.
1248 </para>
1250 <para>
1252 ACTION</literal>. It prevents deletion of a referenced row.
1254 later in the transaction.
1255 </para>
1257 <para>
1259 row(s) referencing it should be automatically deleted as well.
1260 </para>
1262 <para>
1263 There are two other options:
1265 These cause the referencing column(s) in the referencing row(s)
1266 to be set to nulls or their default
1267 values, respectively, when the referenced row is deleted.
1268 Note that these do not excuse you from observing any constraints.
1270 but the default value would not satisfy the foreign key constraint, the
1271 operation will fail.
1272 </para>
1274 <para>
1276 what kinds of objects the related tables represent. When the referencing
1277 table represents something that is a component of what is represented by
1278 the referenced table and cannot exist independently, then
1282 actually wants to delete both objects would then have to be explicit about
1283 this and run two delete commands. In the above example, order items are
1284 part of an order, and it is convenient if they are deleted automatically
1285 if an order is deleted. But products and orders are different things, and
1286 so making a deletion of a product automatically cause the deletion of some
1287 order items could be considered problematic. The actions <literal>SET
1289 foreign-key relationship represents optional information. For example, if
1290 the products table contained a reference to a product manager, and the
1291 product manager entry gets deleted, then setting the product's product
1292 manager to null or a default might be useful.
1293 </para>
1295 <para>
1297 can take a column list to specify which columns to set. Normally, all
1298 columns of the foreign-key constraint are set; setting only a subset is
1299 useful in some special cases. Consider the following example:
1300 <programlisting>
1301 CREATE TABLE tenants (
1302 tenant_id integer PRIMARY KEY
1303 );
1305 CREATE TABLE users (
1306 tenant_id integer REFERENCES tenants ON DELETE CASCADE,
1307 user_id integer NOT NULL,
1308 PRIMARY KEY (tenant_id, user_id)
1309 );
1311 CREATE TABLE posts (
1312 tenant_id integer REFERENCES tenants ON DELETE CASCADE,
1313 post_id integer NOT NULL,
1314 author_id integer,
1315 PRIMARY KEY (tenant_id, post_id),
1316 FOREIGN KEY (tenant_id, author_id) REFERENCES users ON DELETE SET NULL <emphasis>(author_id)</emphasis>
1317 );
1318 </programlisting>
1319 Without the specification of the column, the foreign key would also set
1321 required as part of the primary key.
1322 </para>
1324 <para>
1327 column is changed (updated). The possible actions are the same,
1328 except that column lists cannot be specified for <literal>SET
1331 referenced column(s) should be copied into the referencing row(s).
1332 There is also a noticeable difference between <literal>ON UPDATE NO
1334 The former will allow the update to proceed and the foreign-key constraint
1335 will be checked against the state after the update. The latter will
1336 prevent the update to run even if the state after the update would still
1337 satisfy the constraint. This prevents updating a referenced row to a
1338 value that is distinct but compares as equal (for example, a character
1339 string with a different case variant, if a character string type with a
1340 case-insensitive collation is used).
1341 </para>
1343 <para>
1344 Normally, a referencing row need not satisfy the foreign key constraint
1346 is added to the foreign key declaration, a referencing row escapes
1347 satisfying the constraint only if all its referencing columns are null
1348 (so a mix of null and non-null values is guaranteed to fail a
1350 to be able to avoid satisfying the foreign key constraint, declare the
1352 </para>
1354 <para>
1355 A foreign key must reference columns that either are a primary key or
1356 form a unique constraint, or are columns from a non-partial unique index.
1357 This means that the referenced columns always have an index to allow
1358 efficient lookups on whether a referencing row has a match. Since a
1361 the referencing table for rows matching the old value, it is often a good
1362 idea to index the referencing columns too. Because this is not always
1363 needed, and there are many choices available on how to index, the
1364 declaration of a foreign key constraint does not automatically create an
1365 index on the referencing columns.
1366 </para>
1368 <para>
1369 More information about updating and deleting data is in <xref
1371 syntax in the reference documentation for
1373 </para>
1374 </sect2>
1379 <indexterm>
1381 </indexterm>
1383 <indexterm>
1386 </indexterm>
1388 <para>
1389 Exclusion constraints ensure that if any two rows are compared on
1390 the specified columns or expressions using the specified operators,
1391 at least one of these operator comparisons will return false or null.
1392 The syntax is:
1393 <programlisting>
1394 CREATE TABLE circles (
1395 c circle,
1396 EXCLUDE USING gist (c WITH &&)
1397 );
1398 </programlisting>
1399 </para>
1401 <para>
1403 TABLE ... CONSTRAINT ... EXCLUDE</command></link> for details.
1404 </para>
1406 <para>
1407 Adding an exclusion constraint will automatically create an index
1408 of the type specified in the constraint declaration.
1409 </para>
1410 </sect2>
1411 </sect1>
1416 <para>
1418 implicitly defined by the system. Therefore, these names cannot be
1419 used as names of user-defined columns. (Note that these
1420 restrictions are separate from whether the name is a key word or
1421 not; quoting a name will not allow you to escape these
1422 restrictions.) You do not really need to be concerned about these
1423 columns; just know they exist.
1424 </para>
1426 <indexterm>
1429 </indexterm>
1431 <variablelist>
1434 <listitem>
1435 <indexterm>
1437 </indexterm>
1439 <para>
1440 The OID of the table containing this row. This column is
1441 particularly handy for queries that select from partitioned
1444 it's difficult to tell which individual table a row came from. The
1448 </para>
1449 </listitem>
1450 </varlistentry>
1454 <listitem>
1455 <indexterm>
1457 </indexterm>
1459 <para>
1460 The identity (transaction ID) of the inserting transaction for
1461 this row version. (A row version is an individual state of a
1462 row; each update of a row creates a new row version for the same
1463 logical row.)
1464 </para>
1465 </listitem>
1466 </varlistentry>
1470 <listitem>
1471 <indexterm>
1473 </indexterm>
1475 <para>
1476 The command identifier (starting at zero) within the inserting
1477 transaction.
1478 </para>
1479 </listitem>
1480 </varlistentry>
1484 <listitem>
1485 <indexterm>
1487 </indexterm>
1489 <para>
1490 The identity (transaction ID) of the deleting transaction, or
1491 zero for an undeleted row version. It is possible for this column to
1492 be nonzero in a visible row version. That usually indicates that the
1493 deleting transaction hasn't committed yet, or that an attempted
1494 deletion was rolled back.
1495 </para>
1496 </listitem>
1497 </varlistentry>
1501 <listitem>
1502 <indexterm>
1504 </indexterm>
1506 <para>
1507 The command identifier within the deleting transaction, or zero.
1508 </para>
1509 </listitem>
1510 </varlistentry>
1514 <listitem>
1515 <indexterm>
1517 </indexterm>
1519 <para>
1520 The physical location of the row version within its table. Note that
1522 locate the row version very quickly, a row's
1526 identifier. A primary key should be used to identify logical rows.
1527 </para>
1528 </listitem>
1529 </varlistentry>
1530 </variablelist>
1532 <para>
1533 Transaction identifiers are also 32-bit quantities. In a
1534 long-lived database it is possible for transaction IDs to wrap
1535 around. This is not a fatal problem given appropriate maintenance
1537 unwise, however, to depend on the uniqueness of transaction IDs
1538 over the long term (more than one billion transactions).
1539 </para>
1541 <para>
1542 Command identifiers are also 32-bit quantities. This creates a hard limit
1544 within a single transaction. In practice this limit is not a
1545 problem — note that the limit is on the number of
1547 Also, only commands that actually modify the database contents will
1548 consume a command identifier.
1549 </para>
1550 </sect1>
1558 </indexterm>
1560 <para>
1561 When you create a table and you realize that you made a mistake, or
1562 the requirements of the application change, you can drop the
1563 table and create it again. But this is not a convenient option if
1564 the table is already filled with data, or if the table is
1565 referenced by other database objects (for instance a foreign key
1567 provides a family of commands to make modifications to existing
1568 tables. Note that this is conceptually distinct from altering
1569 the data contained in the table: here we are interested in altering
1570 the definition, or structure, of the table.
1571 </para>
1573 <para>
1574 You can:
1576 <listitem>
1578 </listitem>
1579 <listitem>
1581 </listitem>
1582 <listitem>
1584 </listitem>
1585 <listitem>
1587 </listitem>
1588 <listitem>
1590 </listitem>
1591 <listitem>
1593 </listitem>
1594 <listitem>
1596 </listitem>
1597 <listitem>
1599 </listitem>
1600 </itemizedlist>
1602 All these actions are performed using the
1604 command, whose reference page contains details beyond those given
1605 here.
1606 </para>
1611 <indexterm>
1614 </indexterm>
1616 <para>
1617 To add a column, use a command like:
1618 <programlisting>
1619 ALTER TABLE products ADD COLUMN description text;
1620 </programlisting>
1621 The new column is initially filled with whatever default
1623 </para>
1625 <tip>
1626 <para>
1628 a constant default value no longer means that each row of the table
1630 is executed. Instead, the default value will be returned the next time
1631 the row is accessed, and applied when the table is rewritten, making
1633 </para>
1635 <para>
1636 However, if the default value is volatile (e.g.,
1638 each row will need to be updated with the value calculated at the time
1640 lengthy update operation, particularly if you intend to fill the column
1641 with mostly nondefault values anyway, it may be preferable to add the
1642 column with no default, insert the correct values using
1644 below.
1645 </para>
1646 </tip>
1648 <para>
1649 You can also define constraints on the column at the same time,
1650 using the usual syntax:
1651 <programlisting>
1652 ALTER TABLE products ADD COLUMN description text CHECK (description <> '');
1653 </programlisting>
1654 In fact all the options that can be applied to a column description
1656 that the default value must satisfy the given constraints, or the
1658 constraints later (see below) after you've filled in the new column
1659 correctly.
1660 </para>
1662 </sect2>
1667 <indexterm>
1670 </indexterm>
1672 <para>
1673 To remove a column, use a command like:
1674 <programlisting>
1675 ALTER TABLE products DROP COLUMN description;
1676 </programlisting>
1677 Whatever data was in the column disappears. Table constraints involving
1678 the column are dropped, too. However, if the column is referenced by a
1679 foreign key constraint of another table,
1681 constraint. You can authorize dropping everything that depends on
1683 <programlisting>
1684 ALTER TABLE products DROP COLUMN description CASCADE;
1685 </programlisting>
1687 mechanism behind this.
1688 </para>
1689 </sect2>
1694 <indexterm>
1697 </indexterm>
1699 <para>
1700 To add a constraint, the table constraint syntax is used. For example:
1701 <programlisting>
1702 ALTER TABLE products ADD CHECK (name <> '');
1703 ALTER TABLE products ADD CONSTRAINT some_name UNIQUE (product_no);
1704 ALTER TABLE products ADD FOREIGN KEY (product_group_id) REFERENCES product_groups;
1705 </programlisting>
1706 </para>
1708 <para>
1709 To add a not-null constraint, which is normally not written as a table
1710 constraint, this special syntax is available:
1711 <programlisting>
1712 ALTER TABLE products ALTER COLUMN product_no SET NOT NULL;
1713 </programlisting>
1714 This command silently does nothing if the column already has a
1715 not-null constraint.
1716 </para>
1718 <para>
1719 The constraint will be checked immediately, so the table data must
1720 satisfy the constraint before it can be added.
1721 </para>
1722 </sect2>
1727 <indexterm>
1730 </indexterm>
1732 <para>
1733 To remove a constraint you need to know its name. If you gave it
1734 a name then that's easy. Otherwise the system assigned a
1735 generated name, which you need to find out. The
1738 here; other interfaces might also provide a way to inspect table
1739 details. Then the command is:
1740 <programlisting>
1741 ALTER TABLE products DROP CONSTRAINT some_name;
1742 </programlisting>
1744 don't forget that you'll need to double-quote it to make it a valid
1745 identifier.)
1746 </para>
1748 <para>
1750 want to drop a constraint that something else depends on. An example
1751 is that a foreign key constraint depends on a unique or primary key
1752 constraint on the referenced column(s).
1753 </para>
1755 <para>
1756 Simplified syntax is available to drop a not-null constraint:
1757 <programlisting>
1758 ALTER TABLE products ALTER COLUMN product_no DROP NOT NULL;
1759 </programlisting>
1761 not-null constraint. This command will silently do nothing if the column
1762 does not have a not-null constraint. (Recall that a column can have at
1763 most one not-null constraint, so it is never ambiguous which constraint
1764 this command acts on.)
1765 </para>
1766 </sect2>
1771 <indexterm>
1774 </indexterm>
1776 <para>
1777 To set a new default for a column, use a command like:
1778 <programlisting>
1779 ALTER TABLE products ALTER COLUMN price SET DEFAULT 7.77;
1780 </programlisting>
1781 Note that this doesn't affect any existing rows in the table, it
1783 </para>
1785 <para>
1786 To remove any default value, use:
1787 <programlisting>
1788 ALTER TABLE products ALTER COLUMN price DROP DEFAULT;
1789 </programlisting>
1790 This is effectively the same as setting the default to null.
1791 As a consequence, it is not an error
1792 to drop a default where one hadn't been defined, because the
1793 default is implicitly the null value.
1794 </para>
1795 </sect2>
1800 <indexterm>
1803 </indexterm>
1805 <para>
1806 To convert a column to a different data type, use a command like:
1807 <programlisting>
1809 </programlisting>
1810 This will succeed only if each existing entry in the column can be
1811 converted to the new type by an implicit cast. If a more complex
1813 specifies how to compute the new values from the old.
1814 </para>
1816 <para>
1818 default value (if any) to the new type, as well as any constraints
1819 that involve the column. But these conversions might fail, or might
1820 produce surprising results. It's often best to drop any constraints
1821 on the column before altering its type, and then add back suitably
1822 modified constraints afterwards.
1823 </para>
1824 </sect2>
1829 <indexterm>
1832 </indexterm>
1834 <para>
1835 To rename a column:
1836 <programlisting>
1837 ALTER TABLE products RENAME COLUMN product_no TO product_number;
1838 </programlisting>
1839 </para>
1840 </sect2>
1845 <indexterm>
1848 </indexterm>
1850 <para>
1851 To rename a table:
1852 <programlisting>
1853 ALTER TABLE products RENAME TO items;
1854 </programlisting>
1855 </para>
1856 </sect2>
1857 </sect1>
1864 </indexterm>
1866 <indexterm>
1869 </indexterm>
1873 </indexterm>
1877 </indexterm>
1881 </indexterm>
1885 </indexterm>
1890 </indexterm>
1892 <para>
1893 When an object is created, it is assigned an owner. The
1894 owner is normally the role that executed the creation statement.
1895 For most kinds of objects, the initial state is that only the owner
1896 (or a superuser) can do anything with the object. To allow
1898 granted.
1899 </para>
1901 <para>
1908 The privileges applicable to a particular
1909 object vary depending on the object's type (table, function, etc.).
1910 More detail about the meanings of these privileges appears below.
1911 The following sections and chapters will also show you how
1912 these privileges are used.
1913 </para>
1915 <para>
1916 The right to modify or destroy an object is inherent in being the
1917 object's owner, and cannot be granted or revoked in itself.
1918 (However, like all privileges, that right can be inherited by
1920 </para>
1922 <para>
1924 command of the appropriate kind for the object, for example
1925 <programlisting>
1926 ALTER TABLE <replaceable>table_name</replaceable> OWNER TO <replaceable>new_owner</replaceable>;
1927 </programlisting>
1928 Superusers can always do this; ordinary roles can only do it if they are
1929 both the current owner of the object (or inherit the privileges of the
1931 </para>
1933 <para>
1937 update the table can be granted with:
1938 <programlisting>
1939 GRANT UPDATE ON accounts TO joe;
1940 </programlisting>
1942 privileges that are relevant for the object type.
1943 </para>
1945 <para>
1947 be used to grant a privilege to every role on the system. Also,
1949 there are many users of a database — for details see
1951 </para>
1953 <para>
1954 To revoke a previously-granted privilege, use the fittingly named
1956 <programlisting>
1957 REVOKE ALL ON accounts FROM PUBLIC;
1958 </programlisting>
1959 </para>
1961 <para>
1962 Ordinarily, only the object's owner (or a superuser) can grant or
1963 revoke privileges on an object. However, it is possible to grant a
1965 the right to grant it in turn to others. If the grant option is
1966 subsequently revoked then all who received the privilege from that
1967 recipient (directly or through a chain of grants) will lose the
1970 </para>
1972 <para>
1973 An object's owner can choose to revoke their own ordinary privileges,
1974 for example to make a table read-only for themselves as well as others.
1975 But owners are always treated as holding all grant options, so they
1976 can always re-grant their own privileges.
1977 </para>
1979 <para>
1980 The available privileges are:
1982 <variablelist>
1985 <listitem>
1986 <para>
1988 any column, or specific column(s), of a table, view, materialized
1989 view, or other table-like object.
1991 This privilege is also needed to reference existing column values in
1994 For sequences, this privilege also allows use of the
1996 For large objects, this privilege allows the object to be read.
1997 </para>
1998 </listitem>
1999 </varlistentry>
2003 <listitem>
2004 <para>
2006 etc. Can be granted on specific column(s), in which case
2008 command (other columns will therefore receive default values).
2010 </para>
2011 </listitem>
2012 </varlistentry>
2016 <listitem>
2017 <para>
2019 column, or specific column(s), of a table, view, etc.
2022 reference table columns to determine which rows to update, and/or to
2023 compute new values for columns.)
2026 also require this privilege on at least one column, in addition to the
2030 For large objects, this privilege allows writing or truncating the
2031 object.
2032 </para>
2033 </listitem>
2034 </varlistentry>
2038 <listitem>
2039 <para>
2043 reference table columns to determine which rows to delete.)
2044 </para>
2045 </listitem>
2046 </varlistentry>
2050 <listitem>
2051 <para>
2053 </para>
2054 </listitem>
2055 </varlistentry>
2059 <listitem>
2060 <para>
2061 Allows creation of a foreign key constraint referencing a
2062 table, or specific column(s) of a table.
2063 </para>
2064 </listitem>
2065 </varlistentry>
2069 <listitem>
2070 <para>
2071 Allows creation of a trigger on a table, view, etc.
2072 </para>
2073 </listitem>
2074 </varlistentry>
2078 <listitem>
2079 <para>
2080 For databases, allows new schemas and publications to be created within
2081 the database, and allows trusted extensions to be installed within
2082 the database.
2083 </para>
2084 <para>
2085 For schemas, allows new objects to be created within the schema.
2086 To rename an existing object, you must own the
2088 schema.
2089 </para>
2090 <para>
2091 For tablespaces, allows tables, indexes, and temporary files to be
2092 created within the tablespace, and allows databases to be created that
2093 have the tablespace as their default tablespace.
2094 </para>
2095 <para>
2096 Note that revoking this privilege will not alter the existence or
2097 location of existing objects.
2098 </para>
2099 </listitem>
2100 </varlistentry>
2104 <listitem>
2105 <para>
2106 Allows the grantee to connect to the database. This
2107 privilege is checked at connection startup (in addition to checking
2109 </para>
2110 </listitem>
2111 </varlistentry>
2115 <listitem>
2116 <para>
2117 Allows temporary tables to be created while using the database.
2118 </para>
2119 </listitem>
2120 </varlistentry>
2124 <listitem>
2125 <para>
2126 Allows calling a function or procedure, including use of
2127 any operators that are implemented on top of the function. This is the
2128 only type of privilege that is applicable to functions and procedures.
2129 </para>
2130 </listitem>
2131 </varlistentry>
2135 <listitem>
2136 <para>
2137 For procedural languages, allows use of the language for
2138 the creation of functions in that language. This is the only type
2139 of privilege that is applicable to procedural languages.
2140 </para>
2141 <para>
2142 For schemas, allows access to objects contained in the
2143 schema (assuming that the objects' own privilege requirements are
2145 objects within the schema. Without this permission, it is still
2146 possible to see the object names, e.g., by querying system catalogs.
2147 Also, after revoking this permission, existing sessions might have
2148 statements that have previously performed this lookup, so this is not
2149 a completely secure way to prevent object access.
2150 </para>
2151 <para>
2152 For sequences, allows use of the
2154 </para>
2155 <para>
2156 For types and domains, allows use of the type or domain in the
2157 creation of tables, functions, and other schema objects. (Note that
2159 type, such as values of the type appearing in queries. It only
2160 prevents objects from being created that depend on the type. The
2161 main purpose of this privilege is controlling which users can create
2162 dependencies on a type, which could prevent the owner from changing
2163 the type later.)
2164 </para>
2165 <para>
2166 For foreign-data wrappers, allows creation of new servers using the
2167 foreign-data wrapper.
2168 </para>
2169 <para>
2170 For foreign servers, allows creation of foreign tables using the
2171 server. Grantees may also create, alter, or drop their own user
2172 mappings associated with that server.
2173 </para>
2174 </listitem>
2175 </varlistentry>
2179 <listitem>
2180 <para>
2181 Allows a server configuration parameter to be set to a new value
2182 within the current session. (While this privilege can be granted
2183 on any parameter, it is meaningless except for parameters that would
2184 normally require superuser privilege to set.)
2185 </para>
2186 </listitem>
2187 </varlistentry>
2191 <listitem>
2192 <para>
2193 Allows a server configuration parameter to be configured to a new
2195 </para>
2196 </listitem>
2197 </varlistentry>
2201 <listitem>
2202 <para>
2206 relation.
2207 </para>
2208 </listitem>
2209 </varlistentry>
2210 </variablelist>
2212 The privileges required by other commands are listed on the
2213 reference page of the respective command.
2214 </para>
2217 PostgreSQL grants privileges on some types of objects to
2220 tables,
2221 table columns,
2222 sequences,
2223 foreign data wrappers,
2224 foreign servers,
2225 large objects,
2226 schemas,
2227 tablespaces,
2228 or configuration parameters.
2229 For other types of objects, the default privileges
2232 temporary tables) privileges for databases;
2235 (including domains).
2237 both default and expressly granted privileges. (For maximum
2239 creates the object; then there is no window in which another user
2240 can use the object.)
2241 Also, these default privilege settings can be overridden using the
2243 </para>
2245 <para>
2247 abbreviations that are used for these privilege types in
2251 of system catalogs.
2252 </para>
2260 <thead>
2261 <row>
2265 </row>
2266 </thead>
2267 <tbody>
2268 <row>
2271 <entry>
2275 table column
2276 </entry>
2277 </row>
2278 <row>
2282 </row>
2283 <row>
2286 <entry>
2290 table column
2291 </entry>
2292 </row>
2293 <row>
2297 </row>
2298 <row>
2302 </row>
2303 <row>
2307 </row>
2308 <row>
2312 </row>
2313 <row>
2316 <entry>
2320 </entry>
2321 </row>
2322 <row>
2326 </row>
2327 <row>
2331 </row>
2332 <row>
2336 </row>
2337 <row>
2340 <entry>
2348 </entry>
2349 </row>
2350 <row>
2354 </row>
2355 <row>
2359 </row>
2360 <row>
2364 </row>
2365 </tbody>
2366 </tgroup>
2367 </table>
2369 <para>
2371 available for each type of SQL object, using the abbreviations shown
2372 above.
2374 that can be used to examine privilege settings for each object type.
2375 </para>
2384 <thead>
2385 <row>
2390 </row>
2391 </thead>
2392 <tbody>
2393 <row>
2398 </row>
2399 <row>
2404 </row>
2405 <row>
2410 </row>
2411 <row>
2416 </row>
2417 <row>
2422 </row>
2423 <row>
2428 </row>
2429 <row>
2434 </row>
2435 <row>
2440 </row>
2441 <row>
2446 </row>
2447 <row>
2452 </row>
2453 <row>
2458 </row>
2459 <row>
2464 </row>
2465 <row>
2470 </row>
2471 <row>
2476 </row>
2477 </tbody>
2478 </tgroup>
2479 </table>
2481 <para>
2482 <indexterm>
2484 </indexterm>
2485 The privileges that have been granted for a particular object are
2487 format:
2488 <synopsis>
2489 <replaceable>grantee</replaceable><literal>=</literal><replaceable>privilege-abbreviation</replaceable><optional><literal>*</literal></optional>...<literal>/</literal><replaceable>grantor</replaceable>
2490 </synopsis>
2492 have been granted by a particular grantor. Specific privileges are
2493 represented by one-letter abbreviations from
2495 appended if the privilege was granted with grant option. For example,
2502 also has some privileges on the same object granted by a different
2506 </para>
2508 <para>
2511 <programlisting>
2512 GRANT SELECT ON mytable TO PUBLIC;
2513 GRANT SELECT, UPDATE, INSERT ON mytable TO admin;
2514 GRANT SELECT (col1), UPDATE (col1) ON mytable TO miriam_rw;
2515 </programlisting>
2517 would show:
2518 <programlisting>
2519 => \dp mytable
2520 Access privileges
2521 Schema | Name | Type | Access privileges | Column privileges | Policies
2522 --------+---------+-------+------------------------+-----------------------+----------
2523 public | mytable | table | miriam=arwdDxtm/miriam+| col1: +|
2524 | | | =r/miriam +| miriam_rw=rw/miriam |
2525 | | | admin=arw/miriam | |
2526 (1 row)
2527 </programlisting>
2528 </para>
2530 <para>
2532 object, it means the object has default privileges (that is, its
2533 privileges entry in the relevant system catalog is null). Default
2534 privileges always include all privileges for the owner, and can include
2538 privileges (producing, for
2540 per the specified request. Similarly, entries are shown in <quote>Column
2541 privileges</quote> only for columns with nondefault privileges.
2543 the built-in default privileges for the object's type. An object whose
2544 privileges have been affected by an <command>ALTER DEFAULT
2545 PRIVILEGES</command> command will always be shown with an explicit
2546 privilege entry that includes the effects of
2548 </para>
2550 <para>
2551 Notice that the owner's implicit grant options are not marked in the
2553 grant options have been explicitly granted to someone.
2554 </para>
2556 <para>
2559 non-null but empty. This means that no privileges are granted at all,
2560 even to the object's owner — a rare situation. (The owner still
2561 has implicit grant options in this case, and so could re-grant her own
2562 privileges; but she has none at the moment.)
2563 </para>
2564 </sect1>
2571 </indexterm>
2575 </indexterm>
2577 <para>
2581 on a per-user basis, which rows can be returned by normal queries
2582 or inserted, updated, or deleted by data modification commands.
2584 By default, tables do not have any policies, so that if a user has
2585 access privileges to a table according to the SQL privilege system,
2586 all rows within it are equally available for querying or updating.
2587 </para>
2589 <para>
2590 When row security is enabled on a table (with
2592 SECURITY</link>), all normal access to the table for selecting rows or
2593 modifying rows must be allowed by a row security policy. (However, the
2594 table's owner is typically not subject to row security policies.) If no
2595 policy exists for the table, a default-deny policy is used, meaning that
2596 no rows are visible or can be modified. Operations that apply to the
2598 are not subject to row security.
2599 </para>
2601 <para>
2602 Row security policies can be specific to commands, or to roles, or to
2604 commands, or to <literal>SELECT</literal>, <literal>INSERT</literal>, <literal>UPDATE</literal>,
2606 policy, and normal role membership and inheritance rules apply.
2607 </para>
2609 <para>
2610 To specify which rows are visible or modifiable according to a policy,
2611 an expression is required that returns a Boolean result. This
2612 expression will be evaluated for each row prior to any conditions or
2613 functions coming from the user's query. (The only exceptions to this
2615 not leak information; the optimizer may choose to apply such functions
2616 ahead of the row-security check.) Rows for which the expression does
2618 may be specified to provide independent control over the rows which are
2619 visible and the rows which are allowed to be modified. Policy
2620 expressions are run as part of the query and with the privileges of the
2621 user running the query, although security-definer functions can be used
2622 to access data not available to the calling user.
2623 </para>
2625 <para>
2627 bypass the row security system when accessing a table. Table owners
2628 normally bypass row security as well, though a table owner can choose to
2630 TABLE ... FORCE ROW LEVEL SECURITY</link>.
2631 </para>
2633 <para>
2634 Enabling and disabling row security, as well as adding policies to a
2635 table, is always the privilege of the table owner only.
2636 </para>
2638 <para>
2642 enable and disable row security for a given table, use the
2644 </para>
2646 <para>
2647 Each policy has a name and multiple policies can be defined for a
2648 table. As policies are table-specific, each policy for a table must
2649 have a unique name. Different tables may have policies with the
2650 same name.
2651 </para>
2653 <para>
2654 When multiple policies apply to a given query, they are combined using
2658 role has the privileges
2659 of all roles that they are a member of. Permissive vs. restrictive
2660 policies are discussed further below.
2661 </para>
2663 <para>
2664 As a simple example, here is how to create a policy on
2667 accounts:
2668 </para>
2670 <programlisting>
2671 CREATE TABLE accounts (manager text, company text, contact_email text);
2673 ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
2675 CREATE POLICY account_managers ON accounts TO managers
2676 USING (manager = current_user);
2677 </programlisting>
2679 <para>
2682 constraint applies both to rows selected by a command (so a manager
2685 manager) and to rows modified by a command (so rows belonging to a
2688 </para>
2690 <para>
2691 If no role is specified, or the special user name
2693 users on the system. To allow all users to access only their own row in
2695 </para>
2697 <programlisting>
2698 CREATE POLICY user_policy ON users
2699 USING (user_name = current_user);
2700 </programlisting>
2702 <para>
2703 This works similarly to the previous example.
2704 </para>
2706 <para>
2707 To use a different policy for rows that are being added to the table
2708 compared to those rows that are visible, multiple policies can be
2709 combined. This pair of policies would allow all users to view all rows
2711 </para>
2713 <programlisting>
2714 CREATE POLICY user_sel_policy ON users
2715 FOR SELECT
2716 USING (true);
2717 CREATE POLICY user_mod_policy ON users
2718 USING (user_name = current_user);
2719 </programlisting>
2721 <para>
2724 can be selected. In other command types, only the second policy applies,
2725 so that the effects are the same as before.
2726 </para>
2728 <para>
2730 command. Disabling row security does not remove any policies that are
2731 defined on the table; they are simply ignored. Then all rows in the
2732 table are visible and modifiable, subject to the standard SQL privileges
2733 system.
2734 </para>
2736 <para>
2737 Below is a larger example of how this feature can be used in production
2739 file:
2740 </para>
2742 <programlisting>
2743 -- Simple passwd-file based example
2744 CREATE TABLE passwd (
2745 user_name text UNIQUE NOT NULL,
2746 pwhash text,
2747 uid int PRIMARY KEY,
2748 gid int NOT NULL,
2749 real_name text NOT NULL,
2750 home_phone text,
2751 extra_info text,
2752 home_dir text NOT NULL,
2753 shell text NOT NULL
2754 );
2756 CREATE ROLE admin; -- Administrator
2757 CREATE ROLE bob; -- Normal user
2758 CREATE ROLE alice; -- Normal user
2760 -- Populate the table
2761 INSERT INTO passwd VALUES
2763 INSERT INTO passwd VALUES
2765 INSERT INTO passwd VALUES
2768 -- Be sure to enable row-level security on the table
2769 ALTER TABLE passwd ENABLE ROW LEVEL SECURITY;
2771 -- Create policies
2772 -- Administrator can see all rows and add any rows
2773 CREATE POLICY admin_all ON passwd TO admin USING (true) WITH CHECK (true);
2774 -- Normal users can view all rows
2775 CREATE POLICY all_view ON passwd FOR SELECT USING (true);
2776 -- Normal users can update their own records, but
2777 -- limit which shells a normal user is allowed to set
2778 CREATE POLICY user_mod ON passwd FOR UPDATE
2779 USING (current_user = user_name)
2780 WITH CHECK (
2781 current_user = user_name AND
2782 shell IN ('/bin/bash','/bin/sh','/bin/dash','/bin/zsh','/bin/tcsh')
2783 );
2785 -- Allow admin all normal rights
2786 GRANT SELECT, INSERT, UPDATE, DELETE ON passwd TO admin;
2787 -- Users only get select access on public columns
2788 GRANT SELECT
2789 (user_name, uid, gid, real_name, home_phone, extra_info, home_dir, shell)
2790 ON passwd TO public;
2791 -- Allow users to update certain columns
2792 GRANT UPDATE
2793 (pwhash, real_name, home_phone, extra_info, shell)
2794 ON passwd TO public;
2795 </programlisting>
2797 <para>
2798 As with any security settings, it's important to test and ensure that
2799 the system is behaving as expected. Using the example above, this
2800 demonstrates that the permission system is working properly.
2801 </para>
2803 <programlisting>
2804 -- admin can view all rows and fields
2805 postgres=> set role admin;
2806 SET
2807 postgres=> table passwd;
2808 user_name | pwhash | uid | gid | real_name | home_phone | extra_info | home_dir | shell
2809 -----------+--------+-----+-----+-----------+--------------+------------+-------------+-----------
2813 (3 rows)
2815 -- Test what Alice is able to do
2816 postgres=> set role alice;
2817 SET
2818 postgres=> table passwd;
2819 ERROR: permission denied for table passwd
2820 postgres=> select user_name,real_name,home_phone,extra_info,home_dir,shell from passwd;
2821 user_name | real_name | home_phone | extra_info | home_dir | shell
2822 -----------+-----------+--------------+------------+-------------+-----------
2826 (3 rows)
2828 postgres=> update passwd set user_name = 'joe';
2829 ERROR: permission denied for table passwd
2830 -- Alice is allowed to change her own real_name, but no others
2831 postgres=> update passwd set real_name = 'Alice Doe';
2832 UPDATE 1
2833 postgres=> update passwd set real_name = 'John Doe' where user_name = 'admin';
2834 UPDATE 0
2835 postgres=> update passwd set shell = '/bin/xx';
2836 ERROR: new row violates WITH CHECK OPTION for "passwd"
2837 postgres=> delete from passwd;
2838 ERROR: permission denied for table passwd
2839 postgres=> insert into passwd (user_name) values ('xxx');
2840 ERROR: permission denied for table passwd
2841 -- Alice can change her own password; RLS silently prevents updating other rows
2842 postgres=> update passwd set pwhash = 'abc';
2843 UPDATE 1
2844 </programlisting>
2846 <para>
2847 All of the policies constructed thus far have been permissive policies,
2848 meaning that when multiple policies are applied they are combined using
2850 to only allow access to rows in the intended cases, it can be simpler to
2851 combine permissive policies with restrictive policies (which the records
2853 Building on the example above, we add a restrictive policy to require
2854 the administrator to be connected over a local Unix socket to access the
2856 </para>
2858 <programlisting>
2859 CREATE POLICY admin_local_only ON passwd AS RESTRICTIVE TO admin
2860 USING (pg_catalog.inet_client_addr() IS NULL);
2861 </programlisting>
2863 <para>
2864 We can then see that an administrator connecting over a network will not
2865 see any records, due to the restrictive policy:
2866 </para>
2868 <programlisting>
2869 => SELECT current_user;
2870 current_user
2871 --------------
2872 admin
2873 (1 row)
2875 => select inet_client_addr();
2876 inet_client_addr
2877 ------------------
2878 127.0.0.1
2879 (1 row)
2881 => TABLE passwd;
2882 user_name | pwhash | uid | gid | real_name | home_phone | extra_info | home_dir | shell
2883 -----------+--------+-----+-----+-----------+------------+------------+----------+-------
2884 (0 rows)
2886 => UPDATE passwd set pwhash = NULL;
2887 UPDATE 0
2888 </programlisting>
2890 <para>
2891 Referential integrity checks, such as unique or primary key constraints
2892 and foreign key references, always bypass row security to ensure that
2893 data integrity is maintained. Care must be taken when developing
2895 information through such referential integrity checks.
2896 </para>
2898 <para>
2899 In some contexts it is important to be sure that row security is
2900 not being applied. For example, when taking a backup, it could be
2901 disastrous if row security silently caused some rows to be omitted
2902 from the backup. In such a situation, you can set the
2905 what it does is throw an error if any query's results would get filtered
2906 by a policy. The reason for the error can then be investigated and
2907 fixed.
2908 </para>
2910 <para>
2911 In the examples above, the policy expressions consider only the current
2912 values in the row to be accessed or updated. This is the simplest and
2913 best-performing case; when possible, it's best to design row security
2914 applications to work this way. If it is necessary to consult other rows
2915 or other tables to make a policy decision, that can be accomplished using
2917 in the policy expressions. Be aware however that such accesses can
2918 create race conditions that could allow information leakage if care is
2919 not taken. As an example, consider the following table design:
2920 </para>
2922 <programlisting>
2923 -- definition of privilege groups
2924 CREATE TABLE groups (group_id int PRIMARY KEY,
2925 group_name text NOT NULL);
2927 INSERT INTO groups VALUES
2928 (1, 'low'),
2929 (2, 'medium'),
2930 (5, 'high');
2932 GRANT ALL ON groups TO alice; -- alice is the administrator
2933 GRANT SELECT ON groups TO public;
2935 -- definition of users' privilege levels
2936 CREATE TABLE users (user_name text PRIMARY KEY,
2937 group_id int NOT NULL REFERENCES groups);
2939 INSERT INTO users VALUES
2940 ('alice', 5),
2941 ('bob', 2),
2942 ('mallory', 2);
2944 GRANT ALL ON users TO alice;
2945 GRANT SELECT ON users TO public;
2947 -- table holding the information to be protected
2948 CREATE TABLE information (info text,
2949 group_id int NOT NULL REFERENCES groups);
2951 INSERT INTO information VALUES
2952 ('barely secret', 1),
2953 ('slightly secret', 2),
2954 ('very secret', 5);
2956 ALTER TABLE information ENABLE ROW LEVEL SECURITY;
2958 -- a row should be visible to/updatable by users whose security group_id is
2959 -- greater than or equal to the row's group_id
2960 CREATE POLICY fp_s ON information FOR SELECT
2961 USING (group_id <= (SELECT group_id FROM users WHERE user_name = current_user));
2962 CREATE POLICY fp_u ON information FOR UPDATE
2963 USING (group_id <= (SELECT group_id FROM users WHERE user_name = current_user));
2965 -- we rely only on RLS to protect the information table
2966 GRANT ALL ON information TO public;
2967 </programlisting>
2969 <para>
2972 be trusted with the new content of that row, so she does:
2973 </para>
2975 <programlisting>
2976 BEGIN;
2977 UPDATE users SET group_id = 1 WHERE user_name = 'mallory';
2978 UPDATE information SET info = 'secret from mallory' WHERE group_id = 2;
2979 COMMIT;
2980 </programlisting>
2982 <para>
2986 say,
2987 <programlisting>
2988 SELECT * FROM information WHERE group_id = 2 FOR UPDATE;
2989 </programlisting>
3000 of the query. Therefore, the policy expression tests the old value
3002 updated row.
3003 </para>
3005 <para>
3006 There are several ways around this problem. One simple answer is to use
3010 affected users, which might be undesirable. (But another row security
3011 policy could be applied to prevent them from actually exercising that
3013 definer function.) Also, heavy concurrent use of row share locks on the
3014 referenced table could pose a performance problem, especially if updates
3015 of it are frequent. Another solution, practical if updates of the
3016 referenced table are infrequent, is to take an
3018 referenced table when updating it, so that no concurrent transactions
3019 could be examining old row values. Or one could just wait for all
3020 concurrent transactions to end after committing an update of the
3021 referenced table and before making changes that rely on the new security
3022 situation.
3023 </para>
3025 <para>
3028 </para>
3030 </sect1>
3037 </indexterm>
3039 <para>
3041 one or more named databases. Roles and a few other object types are
3042 shared across the entire cluster. A client connection to the server
3043 can only access data in a single database, the one specified in the
3044 connection request.
3045 </para>
3047 <note>
3048 <para>
3049 Users of a cluster do not necessarily have the privilege to access every
3050 database in the cluster. Sharing of role names means that there
3052 in the same cluster; but the system can be configured to allow
3054 </para>
3055 </note>
3057 <para>
3059 in turn contain tables. Schemas also contain other kinds of named
3060 objects, including data types, functions, and operators. Within one
3061 schema, two objects of the same type cannot have the same name.
3062 Furthermore, tables, sequences, indexes, views, materialized views, and
3063 foreign tables share the same namespace, so that, for example, an index and
3064 a table must have different names if they are in the same schema. The same
3065 object name can be used in different schemas without conflict; for
3068 schemas are not rigidly separated: a user can access objects in any
3069 of the schemas in the database they are connected to, if they have
3070 privileges to do so.
3071 </para>
3073 <para>
3074 There are several reasons why one might want to use schemas:
3076 <itemizedlist>
3077 <listitem>
3078 <para>
3079 To allow many users to use one database without interfering with
3080 each other.
3081 </para>
3082 </listitem>
3084 <listitem>
3085 <para>
3086 To organize database objects into logical groups to make them
3087 more manageable.
3088 </para>
3089 </listitem>
3091 <listitem>
3092 <para>
3093 Third-party applications can be put into separate schemas so
3094 they do not collide with the names of other objects.
3095 </para>
3096 </listitem>
3097 </itemizedlist>
3099 Schemas are analogous to directories at the operating system level,
3100 except that schemas cannot be nested.
3101 </para>
3109 </indexterm>
3111 <para>
3113 command. Give the schema a name
3114 of your choice. For example:
3115 <programlisting>
3116 CREATE SCHEMA myschema;
3117 </programlisting>
3118 </para>
3120 <indexterm>
3122 </indexterm>
3124 <indexterm>
3127 </indexterm>
3129 <para>
3130 To create or access objects in a schema, write a
3132 table name separated by a dot:
3133 <synopsis>
3135 </synopsis>
3136 This works anywhere a table name is expected, including the table
3137 modification commands and the data access commands discussed in
3138 the following chapters.
3139 (For brevity we will speak of tables only, but the same ideas apply
3140 to other kinds of named objects, such as types and functions.)
3141 </para>
3143 <para>
3144 Actually, the even more general syntax
3145 <synopsis>
3146 <replaceable>database</replaceable><literal>.</literal><replaceable>schema</replaceable><literal>.</literal><replaceable>table</replaceable>
3147 </synopsis>
3148 can be used too, but at present this is just for pro forma
3149 compliance with the SQL standard. If you write a database name,
3150 it must be the same as the database you are connected to.
3151 </para>
3153 <para>
3154 So to create a table in the new schema, use:
3155 <programlisting>
3156 CREATE TABLE myschema.mytable (
3157 ...
3158 );
3159 </programlisting>
3160 </para>
3162 <indexterm>
3165 </indexterm>
3167 <para>
3168 To drop a schema if it's empty (all objects in it have been
3169 dropped), use:
3170 <programlisting>
3171 DROP SCHEMA myschema;
3172 </programlisting>
3173 To drop a schema including all contained objects, use:
3174 <programlisting>
3175 DROP SCHEMA myschema CASCADE;
3176 </programlisting>
3178 mechanism behind this.
3179 </para>
3181 <para>
3182 Often you will want to create a schema owned by someone else
3183 (since this is one of the ways to restrict the activities of your
3184 users to well-defined namespaces). The syntax for that is:
3185 <programlisting>
3186 CREATE SCHEMA <replaceable>schema_name</replaceable> AUTHORIZATION <replaceable>user_name</replaceable>;
3187 </programlisting>
3188 You can even omit the schema name, in which case the schema name
3189 will be the same as the user name. See <xref
3191 </para>
3193 <para>
3195 system purposes and cannot be created by users.
3196 </para>
3197 </sect2>
3205 </indexterm>
3207 <para>
3208 In the previous sections we created tables without specifying any
3209 schema names. By default such tables (and other objects) are
3211 database contains such a schema. Thus, the following are equivalent:
3212 <programlisting>
3213 CREATE TABLE products ( ... );
3214 </programlisting>
3215 and:
3216 <programlisting>
3217 CREATE TABLE public.products ( ... );
3218 </programlisting>
3219 </para>
3220 </sect2>
3225 <indexterm>
3227 </indexterm>
3229 <indexterm>
3231 </indexterm>
3233 <indexterm>
3236 </indexterm>
3238 <para>
3239 Qualified names are tedious to write, and it's often best not to
3240 wire a particular schema name into applications anyway. Therefore
3242 which consist of just the table name. The system determines which table
3244 of schemas to look in. The first matching table in the search path
3245 is taken to be the one wanted. If there is no match in the search
3246 path, an error is reported, even if matching table names exist
3247 in other schemas in the database.
3248 </para>
3250 <para>
3251 The ability to create like-named objects in different schemas complicates
3252 writing a query that references precisely the same objects every time. It
3253 also opens up the potential for users to change the behavior of other
3254 users' queries, maliciously or accidentally. Due to the prevalence of
3255 unqualified names in queries and their use
3259 ordinary query, a malicious user able to create objects in a schema of
3260 your search path can take control and execute arbitrary SQL functions as
3261 though you executed them.
3262 </para>
3264 <indexterm>
3267 </indexterm>
3269 <para>
3270 The first schema named in the search path is called the current schema.
3271 Aside from being the first schema searched, it is also the schema in
3273 command does not specify a schema name.
3274 </para>
3276 <indexterm>
3278 </indexterm>
3280 <para>
3281 To show the current search path, use the following command:
3282 <programlisting>
3283 SHOW search_path;
3284 </programlisting>
3285 In the default setup this returns:
3286 <screen>
3287 search_path
3288 --------------
3289 "$user", public
3290 </screen>
3291 The first element specifies that a schema with the same name as
3292 the current user is to be searched. If no such schema exists,
3293 the entry is ignored. The second element refers to the
3294 public schema that we have seen already.
3295 </para>
3297 <para>
3298 The first schema in the search path that exists is the default
3299 location for creating new objects. That is the reason that by
3300 default objects are created in the public schema. When objects
3301 are referenced in any other context without schema qualification
3302 (table modification, data modification, or query commands) the
3303 search path is traversed until a matching object is found.
3304 Therefore, in the default configuration, any unqualified access
3305 again can only refer to the public schema.
3306 </para>
3308 <para>
3309 To put our new schema in the path, we use:
3310 <programlisting>
3311 SET search_path TO myschema,public;
3312 </programlisting>
3314 immediate need for it.) And then we can access the table without
3315 schema qualification:
3316 <programlisting>
3317 DROP TABLE mytable;
3318 </programlisting>
3320 the path, new objects would by default be created in it.
3321 </para>
3323 <para>
3324 We could also have written:
3325 <programlisting>
3326 SET search_path TO myschema;
3327 </programlisting>
3328 Then we no longer have access to the public schema without
3329 explicit qualification. There is nothing special about the public
3330 schema except that it exists by default. It can be dropped, too.
3331 </para>
3333 <para>
3335 the schema search path.
3336 </para>
3338 <para>
3339 The search path works in the same way for data type names, function names,
3340 and operator names as it does for table names. Data type and function
3341 names can be qualified in exactly the same way as table names. If you
3342 need to write a qualified operator name in an expression, there is a
3343 special provision: you must write
3344 <synopsis>
3345 <literal>OPERATOR(</literal><replaceable>schema</replaceable><literal>.</literal><replaceable>operator</replaceable><literal>)</literal>
3346 </synopsis>
3347 This is needed to avoid syntactic ambiguity. An example is:
3348 <programlisting>
3350 </programlisting>
3351 In practice one usually relies on the search path for operators,
3352 so as not to have to write anything so ugly as that.
3353 </para>
3354 </sect2>
3362 </indexterm>
3364 <para>
3365 By default, users cannot access any objects in schemas they do not
3366 own. To allow that, the owner of the schema must grant the
3369 users to make use of the objects in a schema, additional privileges might
3370 need to be granted, as appropriate for the object.
3371 </para>
3373 <para>
3374 A user can also be allowed to create objects in someone else's schema. To
3376 be granted. In databases upgraded from
3380 revoking that privilege:
3381 <programlisting>
3382 REVOKE CREATE ON SCHEMA public FROM PUBLIC;
3383 </programlisting>
3386 first sense it is an identifier, in the second sense it is a
3387 key word, hence the different capitalization; recall the
3389 </para>
3390 </sect2>
3398 </indexterm>
3400 <para>
3403 the system tables and all the built-in data types, functions, and
3405 the search path. If it is not named explicitly in the path then
3407 schemas. This ensures that built-in names will always be
3408 findable. However, you can explicitly place
3410 prefer to have user-defined names override built-in names.
3411 </para>
3413 <para>
3415 avoid such names to ensure that you won't suffer a conflict if some
3416 future version defines a system table named the same as your
3417 table. (With the default search path, an unqualified reference to
3418 your table name would then be resolved as the system table instead.)
3419 System tables will continue to follow the convention of having
3421 conflict with unqualified user-table names so long as users avoid
3423 </para>
3424 </sect2>
3429 <para>
3430 Schemas can be used to organize your data in many ways.
3432 users from changing the behavior of other users' queries. When a database
3433 does not use a secure schema usage pattern, users wishing to securely
3434 query that database would take protective action at the beginning of each
3435 session. Specifically, they would begin each session by
3437 removing schemas that are writable by non-superusers
3439 easily supported by the default configuration:
3440 <itemizedlist>
3441 <listitem>
3442 <para>
3443 Constrain ordinary users to user-private schemas.
3444 To implement this pattern, first ensure that no schemas have
3446 needing to create non-temporary objects, create a schema with the
3447 same name as that user, for example
3449 (Recall that the default search path starts
3451 name. Therefore, if each user has a separate schema, they access
3452 their own schemas by default.) This pattern is a secure schema
3453 usage pattern unless an untrusted user is the database owner or
3455 in which case no secure schema usage pattern exists.
3456 </para>
3457 <!-- A database owner can attack the database's users via "CREATE SCHEMA
3458 trojan; ALTER DATABASE $mydb SET search_path = trojan, public;". -->
3460 <para>
3462 configuration supports this usage pattern. In prior versions, or
3463 when using a database that has been upgraded from a prior version,
3469 </para>
3470 <!-- "DROP SCHEMA public" is inferior to this REVOKE, because pg_dump
3471 doesn't preserve that DROP. -->
3472 </listitem>
3474 <listitem>
3475 <para>
3476 Remove the public schema from the default search path, by modifying
3478 or by issuing <literal>ALTER ROLE ALL SET search_path =
3480 schema. Only qualified names will choose public schema objects. While
3481 qualified table references are fine, calls to functions in the public
3483 unreliable</link>. If you create functions or extensions in the public
3484 schema, use the first pattern instead. Otherwise, like the first
3485 pattern, this is secure unless an untrusted user is the database owner
3487 </para>
3488 </listitem>
3490 <listitem>
3491 <para>
3492 Keep the default search path, and grant privileges to create in the
3493 public schema. All users access the public schema implicitly. This
3494 simulates the situation where schemas are not available at all, giving
3495 a smooth transition from the non-schema-aware world. However, this is
3496 never a secure pattern. It is acceptable only when the database has a
3497 single user or a few mutually-trusting users. In databases upgraded
3499 default.
3500 </para>
3501 </listitem>
3502 </itemizedlist>
3503 </para>
3505 <para>
3506 For any pattern, to install shared applications (tables to be used by
3507 everyone, additional functions provided by third parties, etc.), put them
3508 into separate schemas. Remember to grant appropriate privileges to allow
3509 the other users to access them. Users can then refer to these additional
3510 objects by qualifying the names with a schema name, or they can put the
3511 additional schemas into their search path, as they choose.
3512 </para>
3513 </sect2>
3518 <para>
3519 In the SQL standard, the notion of objects in the same schema
3520 being owned by different users does not exist. Moreover, some
3521 implementations do not allow you to create schemas that have a
3522 different name than their owner. In fact, the concepts of schema
3523 and user are nearly equivalent in a database system that
3524 implements only the basic schema support specified in the
3525 standard. Therefore, many users consider qualified names to
3526 really consist of
3529 behave if you create a per-user schema for every user.
3530 </para>
3532 <para>
3534 SQL standard. For maximum conformance to the standard, you should
3536 </para>
3538 <para>
3539 Of course, some SQL database systems might not implement schemas
3540 at all, or provide namespace support by allowing (possibly
3541 limited) cross-database access. If you need to work with those
3542 systems, then maximum portability would be achieved by not using
3543 schemas at all.
3544 </para>
3545 </sect2>
3546 </sect1>
3551 <indexterm>
3553 </indexterm>
3555 <indexterm>
3558 </indexterm>
3560 <para>
3562 which can be a useful tool for database designers. (SQL:1999 and
3563 later define a type inheritance feature, which differs in many
3564 respects from the features described here.)
3565 </para>
3567 <para>
3568 Let's start with an example: suppose we are trying to build a data
3569 model for cities. Each state has many cities, but only one
3570 capital. We want to be able to quickly retrieve the capital city
3571 for any particular state. This can be done by creating two tables,
3572 one for state capitals and one for cities that are not
3573 capitals. However, what happens when we want to ask for data about
3574 a city, regardless of whether it is a capital or not? The
3575 inheritance feature can help to resolve this problem. We define the
3579 <programlisting>
3580 CREATE TABLE cities (
3581 name text,
3582 population float,
3583 elevation int -- in feet
3584 );
3586 CREATE TABLE capitals (
3587 state char(2)
3588 ) INHERITS (cities);
3589 </programlisting>
3594 their state.
3595 </para>
3597 <para>
3599 zero or more other tables, and a query can reference either all
3600 rows of a table or all rows of a table plus all of its descendant tables.
3601 The latter behavior is the default.
3602 For example, the following query finds the names of all cities,
3603 including state capitals, that are located at an elevation over
3604 500 feet:
3606 <programlisting>
3607 SELECT name, elevation
3608 FROM cities
3610 </programlisting>
3615 <programlisting>
3616 name | elevation
3617 -----------+-----------
3618 Las Vegas | 2174
3619 Mariposa | 1953
3620 Madison | 845
3621 </programlisting>
3622 </para>
3624 <para>
3625 On the other hand, the following query finds all the cities that
3626 are not state capitals and are situated at an elevation over 500 feet:
3628 <programlisting>
3629 SELECT name, elevation
3630 FROM ONLY cities
3633 name | elevation
3634 -----------+-----------
3635 Las Vegas | 2174
3636 Mariposa | 1953
3637 </programlisting>
3638 </para>
3640 <para>
3644 of the commands that we have already discussed —
3648 </para>
3650 <para>
3652 to explicitly specify that descendant tables are included:
3654 <programlisting>
3655 SELECT name, elevation
3656 FROM cities*
3658 </programlisting>
3661 the default. However, this syntax is still supported for
3662 compatibility with older releases where the default could be changed.
3663 </para>
3665 <para>
3666 In some cases you might wish to know which table a particular row
3667 originated from. There is a system column called
3669 originating table:
3671 <programlisting>
3672 SELECT c.tableoid, c.name, c.elevation
3673 FROM cities c
3675 </programlisting>
3677 which returns:
3679 <programlisting>
3680 tableoid | name | elevation
3681 ----------+-----------+-----------
3685 </programlisting>
3687 (If you try to reproduce this example, you will probably get
3688 different numeric OIDs.) By doing a join with
3691 <programlisting>
3692 SELECT p.relname, c.name, c.elevation
3693 FROM cities c, pg_class p
3695 </programlisting>
3697 which returns:
3699 <programlisting>
3700 relname | name | elevation
3701 ----------+-----------+-----------
3702 cities | Las Vegas | 2174
3703 cities | Mariposa | 1953
3704 capitals | Madison | 845
3705 </programlisting>
3706 </para>
3708 <para>
3710 alias type, which will print the table OID symbolically:
3712 <programlisting>
3713 SELECT c.tableoid::regclass, c.name, c.elevation
3714 FROM cities c
3716 </programlisting>
3717 </para>
3719 <para>
3720 Inheritance does not automatically propagate data from
3722 other tables in the inheritance hierarchy. In our example, the
3724 <programlisting>
3725 INSERT INTO cities (name, population, elevation, state)
3726 VALUES ('Albany', NULL, NULL, 'NY');
3727 </programlisting>
3728 We might hope that the data would somehow be routed to the
3731 specified. In some cases it is possible to redirect the insertion
3735 command will be rejected before the rule can be applied.
3736 </para>
3738 <para>
3739 All check constraints and not-null constraints on a parent table are
3740 automatically inherited by its children, unless explicitly specified
3742 (unique, primary key, and foreign key constraints) are not inherited.
3743 </para>
3745 <para>
3746 A table can inherit from more than one parent table, in which case it has
3747 the union of the columns defined by the parent tables. Any columns
3748 declared in the child table's definition are added to these. If the
3749 same column name appears in multiple parent tables, or in both a parent
3751 so that there is only one such column in the child table. To be merged,
3752 columns must have the same data types, else an error is raised.
3753 Inheritable check constraints and not-null constraints are merged in a
3754 similar fashion. Thus, for example, a merged column will be marked
3755 not-null if any one of the column definitions it came from is marked
3756 not-null. Check constraints are merged if they have the same name,
3757 and the merge will fail if their conditions are different.
3758 </para>
3760 <para>
3761 Table inheritance is typically established when the child table is
3764 statement.
3765 Alternatively, a table which is already defined in a compatible way can
3768 To do this the new child table must already include columns with
3769 the same names and types as the columns of the parent. It must also include
3770 check constraints with the same names and check expressions as those of the
3771 parent. Similarly an inheritance link can be removed from a child using the
3773 Dynamically adding and removing inheritance links like this can be useful
3774 when the inheritance relationship is being used for table
3776 </para>
3778 <para>
3779 One convenient way to create a compatible table that will later be made
3781 TABLE</command>. This creates a new table with the same columns as
3783 constraints defined on the source table, the <literal>INCLUDING
3785 specified, as the new child must have constraints matching the parent
3786 to be considered compatible.
3787 </para>
3789 <para>
3790 A parent table cannot be dropped while any of its children remain. Neither
3791 can columns or check constraints of child tables be dropped or altered
3792 if they are inherited
3793 from any parent tables. If you wish to remove a table and all of its
3794 descendants, one easy way is to drop the parent table with the
3796 </para>
3798 <para>
3800 propagate any changes in column data definitions and check
3801 constraints down the inheritance hierarchy. Again, dropping
3802 columns that are depended on by other tables is only possible when using
3804 TABLE</command> follows the same rules for duplicate column merging
3806 </para>
3808 <para>
3809 Inherited queries perform access permission checks on the parent table
3814 that the data is (also) in the parent table. But
3816 without an additional grant. In a similar way, the parent table's row
3818 rows coming from child tables during an inherited query. A child table's
3819 policies, if any, are applied only when it is the table explicitly named
3820 in the query; and in that case, any policies attached to its parent(s) are
3821 ignored.
3822 </para>
3824 <para>
3826 be part of inheritance hierarchies, either as parent or child
3827 tables, just as regular tables can be. If a foreign table is part
3828 of an inheritance hierarchy then any operations not supported by
3829 the foreign table are not supported on the whole hierarchy either.
3830 </para>
3835 <para>
3836 Note that not all SQL commands are able to work on
3837 inheritance hierarchies. Commands that are used for data querying,
3838 data modification, or schema modification
3842 RENAME</literal>) typically default to including child tables and
3844 The majority of commands that do database maintenance and tuning
3846 tables and do not support recursing over inheritance hierarchies.
3849 notation is supported to allow them to be excluded. The respective
3850 behavior of each individual command is documented in its reference page
3852 </para>
3854 <para>
3855 A serious limitation of the inheritance feature is that indexes (including
3856 unique constraints) and foreign key constraints only apply to single
3857 tables, not to their inheritance children. This is true on both the
3858 referencing and referenced sides of a foreign key constraint. Thus,
3859 in the terms of the above example:
3861 <itemizedlist>
3862 <listitem>
3863 <para>
3870 and so could contain multiple rows with the same name.
3873 </para>
3874 </listitem>
3876 <listitem>
3877 <para>
3878 Similarly, if we were to specify that
3879 <structname>cities</structname>.<structfield>name</structfield> <literal>REFERENCES</literal> some
3880 other table, this constraint would not automatically propagate to
3884 </para>
3885 </listitem>
3887 <listitem>
3888 <para>
3889 Specifying that another table's column <literal>REFERENCES
3890 cities(name)</literal> would allow the other table to contain city names, but
3891 not capital names. There is no good workaround for this case.
3892 </para>
3893 </listitem>
3894 </itemizedlist>
3896 Some functionality not implemented for inheritance hierarchies is
3897 implemented for declarative partitioning.
3898 Considerable care is needed in deciding whether partitioning with legacy
3899 inheritance is useful for your application.
3900 </para>
3902 </sect2>
3903 </sect1>
3908 <indexterm>
3910 </indexterm>
3912 <indexterm>
3915 </indexterm>
3917 <indexterm>
3919 </indexterm>
3921 <para>
3923 partitioning. This section describes why and how to implement
3924 partitioning as part of your database design.
3925 </para>
3930 <para>
3931 Partitioning refers to splitting what is logically one large table into
3932 smaller physical pieces. Partitioning can provide several benefits:
3933 <itemizedlist>
3934 <listitem>
3935 <para>
3936 Query performance can be improved dramatically in certain situations,
3937 particularly when most of the heavily accessed rows of the table are in a
3938 single partition or a small number of partitions. Partitioning
3939 effectively substitutes for the upper tree levels of indexes,
3940 making it more likely that the heavily-used parts of the indexes
3941 fit in memory.
3942 </para>
3943 </listitem>
3945 <listitem>
3946 <para>
3947 When queries or updates access a large percentage of a single
3948 partition, performance can be improved by using a
3949 sequential scan of that partition instead of using an
3950 index, which would require random-access reads scattered across the
3951 whole table.
3952 </para>
3953 </listitem>
3955 <listitem>
3956 <para>
3957 Bulk loads and deletes can be accomplished by adding or removing
3958 partitions, if the usage pattern is accounted for in the
3959 partitioning design. Dropping an individual partition
3961 DETACH PARTITION</command>, is far faster than a bulk
3962 operation. These commands also entirely avoid the
3964 </para>
3965 </listitem>
3967 <listitem>
3968 <para>
3969 Seldom-used data can be migrated to cheaper and slower storage media.
3970 </para>
3971 </listitem>
3972 </itemizedlist>
3974 These benefits will normally be worthwhile only when a table would
3975 otherwise be very large. The exact point at which a table will
3976 benefit from partitioning depends on the application, although a
3977 rule of thumb is that the size of the table should exceed the physical
3978 memory of the database server.
3979 </para>
3981 <para>
3983 following forms of partitioning:
3985 <variablelist>
3989 <listitem>
3990 <para>
3992 by a key column or set of columns, with no overlap between
3993 the ranges of values assigned to different partitions. For
3994 example, one might partition by date ranges, or by ranges of
3995 identifiers for particular business objects.
3996 Each range's bounds are understood as being inclusive at the
3997 lower end and exclusive at the upper end. For example, if one
4002 the first.
4003 </para>
4004 </listitem>
4005 </varlistentry>
4010 <listitem>
4011 <para>
4012 The table is partitioned by explicitly listing which key value(s)
4013 appear in each partition.
4014 </para>
4015 </listitem>
4016 </varlistentry>
4021 <listitem>
4022 <para>
4023 The table is partitioned by specifying a modulus and a remainder for
4024 each partition. Each partition will hold the rows for which the hash
4025 value of the partition key divided by the specified modulus will
4026 produce the specified remainder.
4027 </para>
4028 </listitem>
4029 </varlistentry>
4030 </variablelist>
4032 If your application needs to use other forms of partitioning not listed
4033 above, alternative methods such as inheritance and
4035 offer flexibility but do not have some of the performance benefits
4036 of built-in declarative partitioning.
4037 </para>
4038 </sect2>
4043 <para>
4045 that a table is divided into partitions. The table that is divided
4048 as described above, plus a list of columns or expressions to be used
4050 </para>
4052 <para>
4054 no storage of its own. Instead, the storage belongs
4056 tables associated with the partitioned table.
4057 Each partition stores a subset of the data as defined by its
4059 All rows inserted into a partitioned table will be routed to the
4060 appropriate one of the partitions based on the values of the partition
4061 key column(s).
4062 Updating the partition key of a row will cause it to be moved into a
4063 different partition if it no longer satisfies the partition bounds
4064 of its original partition.
4065 </para>
4067 <para>
4068 Partitions may themselves be defined as partitioned tables, resulting
4070 must have the same columns as their partitioned parent, partitions may
4071 have their
4072 own indexes, constraints and default values, distinct from those of other
4074 creating partitioned tables and partitions.
4075 </para>
4077 <para>
4078 It is not possible to turn a regular table into a partitioned table or
4079 vice versa. However, it is possible to add an existing regular or
4080 partitioned table as a partition of a partitioned table, or remove a
4081 partition from a partitioned table turning it into a standalone table;
4082 this can simplify and speed up many maintenance processes.
4085 sub-commands.
4086 </para>
4088 <para>
4090 tables</link>, although considerable care is needed because it is then
4091 the user's responsibility that the contents of the foreign table
4092 satisfy the partitioning rule. There are some other restrictions as
4094 information.
4095 </para>
4100 <para>
4101 Suppose we are constructing a database for a large ice cream company.
4102 The company measures peak temperatures every day as well as ice cream
4103 sales in each region. Conceptually, we want a table like:
4105 <programlisting>
4106 CREATE TABLE measurement (
4107 city_id int not null,
4108 logdate date not null,
4109 peaktemp int,
4110 unitsales int
4111 );
4112 </programlisting>
4114 We know that most queries will access just the last week's, month's or
4115 quarter's data, since the main use of this table will be to prepare
4116 online reports for management. To reduce the amount of old data that
4117 needs to be stored, we decide to keep only the most recent 3 years
4118 worth of data. At the beginning of each month we will remove the oldest
4119 month's data. In this situation we can use partitioning to help us meet
4120 all of our different requirements for the measurements table.
4121 </para>
4123 <para>
4124 To use declarative partitioning in this case, use the following steps:
4127 <listitem>
4128 <para>
4132 case) and the list of column(s) to use as the partition key.
4134 <programlisting>
4135 CREATE TABLE measurement (
4136 city_id int not null,
4137 logdate date not null,
4138 peaktemp int,
4139 unitsales int
4140 ) PARTITION BY RANGE (logdate);
4141 </programlisting>
4142 </para>
4143 </listitem>
4145 <listitem>
4146 <para>
4147 Create partitions. Each partition's definition must specify bounds
4148 that correspond to the partitioning method and partition key of the
4149 parent. Note that specifying bounds such that the new partition's
4150 values would overlap with those in one or more existing partitions will
4151 cause an error.
4152 </para>
4154 <para>
4155 Partitions thus created are in every way normal
4157 tables (or, possibly, foreign tables). It is possible to specify a
4158 tablespace and storage parameters for each partition separately.
4159 </para>
4161 <para>
4162 For our example, each partition should hold one month's worth of
4163 data, to match the requirement of deleting one month's data at a
4164 time. So the commands might look like:
4166 <programlisting>
4167 CREATE TABLE measurement_y2006m02 PARTITION OF measurement
4170 CREATE TABLE measurement_y2006m03 PARTITION OF measurement
4173 ...
4174 CREATE TABLE measurement_y2007m11 PARTITION OF measurement
4177 CREATE TABLE measurement_y2007m12 PARTITION OF measurement
4179 TABLESPACE fasttablespace;
4181 CREATE TABLE measurement_y2008m01 PARTITION OF measurement
4183 WITH (parallel_workers = 4)
4184 TABLESPACE fasttablespace;
4185 </programlisting>
4187 (Recall that adjacent partitions can share a bound value, since
4188 range upper bounds are treated as exclusive bounds.)
4189 </para>
4191 <para>
4192 If you wish to implement sub-partitioning, again specify the
4194 individual partitions, for example:
4196 <programlisting>
4197 CREATE TABLE measurement_y2006m02 PARTITION OF measurement
4199 PARTITION BY RANGE (peaktemp);
4200 </programlisting>
4206 which is allowed provided its partition constraint is satisfied)
4207 will be further redirected to one of its
4209 key specified may overlap with the parent's partition key, although
4210 care should be taken when specifying the bounds of a sub-partition
4211 such that the set of data it accepts constitutes a subset of what
4212 the partition's own bounds allow; the system does not try to check
4213 whether that's really the case.
4214 </para>
4216 <para>
4217 Inserting data into the parent table that does not map
4218 to one of the existing partitions will cause an error; an appropriate
4219 partition must be added manually.
4220 </para>
4222 <para>
4223 It is not necessary to manually create table constraints describing
4224 the partition boundary conditions for partitions. Such constraints
4225 will be created automatically.
4226 </para>
4227 </listitem>
4229 <listitem>
4230 <para>
4231 Create an index on the key column(s), as well as any other indexes you
4232 might want, on the partitioned table. (The key index is not strictly
4233 necessary, but in most scenarios it is helpful.)
4234 This automatically creates a matching index on each partition, and
4235 any partitions you create or attach later will also have such an
4236 index.
4237 An index or unique constraint declared on a partitioned table
4239 is: the actual data is in child indexes on the individual partition
4240 tables.
4242 <programlisting>
4243 CREATE INDEX ON measurement (logdate);
4244 </programlisting>
4245 </para>
4246 </listitem>
4248 <listitem>
4249 <para>
4252 If it is, queries will not be optimized as desired.
4253 </para>
4254 </listitem>
4255 </orderedlist>
4256 </para>
4258 <para>
4259 In the above example we would be creating a new partition each month, so
4260 it might be wise to write a script that generates the required DDL
4261 automatically.
4262 </para>
4263 </sect3>
4268 <para>
4269 Normally the set of partitions established when initially defining the
4270 table is not intended to remain static. It is common to want to
4271 remove partitions holding old data and periodically add new partitions for
4272 new data. One of the most important advantages of partitioning is
4273 precisely that it allows this otherwise painful task to be executed
4274 nearly instantaneously by manipulating the partition structure, rather
4275 than physically moving large amounts of data around.
4276 </para>
4278 <para>
4279 The simplest option for removing old data is to drop the partition that
4280 is no longer necessary:
4281 <programlisting>
4282 DROP TABLE measurement_y2006m02;
4283 </programlisting>
4284 This can very quickly delete millions of records because it doesn't have
4285 to individually delete every record. Note however that the above command
4287 table.
4288 </para>
4290 <para>
4291 Another option that is often preferable is to remove the partition from
4292 the partitioned table but retain access to it as a table in its own
4293 right. This has two forms:
4295 <programlisting>
4296 ALTER TABLE measurement DETACH PARTITION measurement_y2006m02;
4297 ALTER TABLE measurement DETACH PARTITION measurement_y2006m02 CONCURRENTLY;
4298 </programlisting>
4300 These allow further operations to be performed on the data before
4301 it is dropped. For example, this is often a useful time to back up
4303 similar tools. It might also be a useful time to aggregate data
4304 into smaller formats, perform other data manipulations, or run
4305 reports. The first form of the command requires an
4308 form allows the detach operation to require only
4310 <link linkend="sql-altertable-detach-partition"><literal>ALTER TABLE ... DETACH PARTITION</literal></link>
4311 for details on the restrictions.
4312 </para>
4314 <para>
4315 Similarly we can add a new partition to handle new data. We can create an
4316 empty partition in the partitioned table just as the original partitions
4317 were created above:
4319 <programlisting>
4320 CREATE TABLE measurement_y2008m02 PARTITION OF measurement
4322 TABLESPACE fasttablespace;
4323 </programlisting>
4325 As an alternative to creating a new partition, it is sometimes more
4326 convenient to create a new table separate from the partition structure
4327 and attach it as a partition later. This allows new data to be loaded,
4328 checked, and transformed prior to it appearing in the partitioned table.
4333 so it is more friendly to concurrent operations on the partitioned table;
4334 see <link linkend="sql-altertable-attach-partition"><literal>ALTER TABLE ... ATTACH PARTITION</literal></link>
4335 for additional details. The
4337 option can be helpful to avoid tediously repeating the parent table's
4338 definition; for example:
4340 <programlisting>
4341 CREATE TABLE measurement_y2008m02
4342 (LIKE measurement INCLUDING DEFAULTS INCLUDING CONSTRAINTS)
4343 TABLESPACE fasttablespace;
4345 ALTER TABLE measurement_y2008m02 ADD CONSTRAINT y2008m02
4348 \copy measurement_y2008m02 from 'measurement_y2008m02'
4349 -- possibly some other data preparation work
4351 ALTER TABLE measurement ATTACH PARTITION measurement_y2008m02
4353 </programlisting>
4354 </para>
4356 <para>
4358 the table will be scanned to validate the partition constraint while
4360 As shown above, it is recommended to avoid this scan by creating a
4362 constraint on the table prior to attaching it. Once the
4365 If the table being attached is itself a partitioned table, then each of its
4366 sub-partitions will be recursively locked and scanned until either a
4368 partitions are reached.
4369 </para>
4371 <para>
4374 constraint which excludes the to-be-attached partition's constraint. If
4376 scanned to verify that it contains no records which should be located in
4377 the partition being attached. This operation will be performed whilst
4380 is itself a partitioned table, then each of its partitions will be
4381 recursively checked in the same way as the table being attached, as
4382 mentioned above.
4383 </para>
4385 <para>
4386 As mentioned earlier, it is possible to create indexes on partitioned
4387 tables so that they are applied automatically to the entire hierarchy.
4388 This can be very convenient as not only will all existing partitions be
4389 indexed, but any future partitions will be as well. However, one
4390 limitation when creating new indexes on partitioned tables is that it
4392 qualifier, which could lead to long lock times. To avoid this, you can
4394 creates the new index marked as invalid, preventing automatic application
4395 to existing partitions. Instead, indexes can then be created individually
4399 all the partitions are attached to the parent index, the parent index will
4400 be marked valid automatically. Example:
4401 <programlisting>
4402 CREATE INDEX measurement_usls_idx ON ONLY measurement (unitsales);
4404 CREATE INDEX CONCURRENTLY measurement_usls_200602_idx
4405 ON measurement_y2006m02 (unitsales);
4406 ALTER INDEX measurement_usls_idx
4407 ATTACH PARTITION measurement_usls_200602_idx;
4408 ...
4409 </programlisting>
4413 implicitly when the constraint is created. Example:
4414 <programlisting>
4415 ALTER TABLE ONLY measurement ADD UNIQUE (city_id, logdate);
4417 ALTER TABLE measurement_y2006m02 ADD UNIQUE (city_id, logdate);
4418 ALTER INDEX measurement_city_id_logdate_key
4419 ATTACH PARTITION measurement_y2006m02_city_id_logdate_key;
4420 ...
4421 </programlisting>
4422 </para>
4423 </sect3>
4428 <para>
4429 The following limitations apply to partitioned tables:
4430 <itemizedlist>
4431 <listitem>
4432 <para>
4433 To create a unique or primary key constraint on a partitioned table,
4434 the partition keys must not include any expressions or function calls
4435 and the constraint's columns must include all of the partition key
4436 columns. This limitation exists because the individual indexes making
4437 up the constraint can only directly enforce uniqueness within their own
4438 partitions; therefore, the partition structure itself must guarantee
4439 that there are not duplicates in different partitions.
4440 </para>
4441 </listitem>
4443 <listitem>
4444 <para>
4445 Similarly an exclusion constraint must include all the
4446 partition key columns. Furthermore the constraint must compare those
4448 Again, this limitation stems from not being able to enforce
4449 cross-partition restrictions. The constraint may include additional
4450 columns that aren't part of the partition key, and it may compare
4451 those with any operators you like.
4452 </para>
4453 </listitem>
4455 <listitem>
4456 <para>
4458 cannot change which partition is the final destination for a new row.
4459 </para>
4460 </listitem>
4462 <listitem>
4463 <para>
4464 Mixing temporary and permanent relations in the same partition tree is
4465 not allowed. Hence, if the partitioned table is permanent, so must be
4466 its partitions and likewise if the partitioned table is temporary. When
4467 using temporary relations, all members of the partition tree have to be
4468 from the same session.
4469 </para>
4470 </listitem>
4471 </itemizedlist>
4472 </para>
4474 <para>
4475 Individual partitions are linked to their partitioned table using
4476 inheritance behind-the-scenes. However, it is not possible to use
4477 all of the generic features of inheritance with declaratively
4478 partitioned tables or their partitions, as discussed below. Notably,
4479 a partition cannot have any parents other than the partitioned table
4480 it is a partition of, nor can a table inherit from both a partitioned
4481 table and a regular table. That means partitioned tables and their
4482 partitions never share an inheritance hierarchy with regular tables.
4483 </para>
4485 <para>
4486 Since a partition hierarchy consisting of the partitioned table and its
4487 partitions is still an inheritance hierarchy,
4490 a few exceptions:
4492 <itemizedlist>
4493 <listitem>
4494 <para>
4495 Partitions cannot have columns that are not present in the parent. It
4496 is not possible to specify columns when creating partitions with
4499 Tables may be added as a partition with <command>ALTER TABLE
4500 ... ATTACH PARTITION</command> only if their columns exactly match
4501 the parent.
4502 </para>
4503 </listitem>
4505 <listitem>
4506 <para>
4508 constraints of a partitioned table are always inherited by all its
4510 constraints of those types.
4511 You cannot drop a constraint of those types if the same constraint
4512 is present in the parent table.
4513 </para>
4514 </listitem>
4516 <listitem>
4517 <para>
4519 the partitioned table is supported as long as there are no
4521 will result in an error for any constraints other than
4523 Instead, constraints on the partitions
4524 themselves can be added and (if they are not present in the parent
4525 table) dropped.
4526 </para>
4527 </listitem>
4529 <listitem>
4530 <para>
4531 As a partitioned table does not have any data itself, attempts to use
4533 table will always return an error.
4534 </para>
4535 </listitem>
4536 </itemizedlist>
4537 </para>
4538 </sect3>
4539 </sect2>
4544 <para>
4545 While the built-in declarative partitioning is suitable for most
4546 common use cases, there are some circumstances where a more flexible
4547 approach may be useful. Partitioning can be implemented using table
4548 inheritance, which allows for several features not supported
4549 by declarative partitioning, such as:
4551 <itemizedlist>
4552 <listitem>
4553 <para>
4554 For declarative partitioning, partitions must have exactly the same set
4555 of columns as the partitioned table, whereas with table inheritance,
4556 child tables may have extra columns not present in the parent.
4557 </para>
4558 </listitem>
4560 <listitem>
4561 <para>
4562 Table inheritance allows for multiple inheritance.
4563 </para>
4564 </listitem>
4566 <listitem>
4567 <para>
4568 Declarative partitioning only supports range, list and hash
4569 partitioning, whereas table inheritance allows data to be divided in a
4570 manner of the user's choosing. (Note, however, that if constraint
4571 exclusion is unable to prune child tables effectively, query performance
4572 might be poor.)
4573 </para>
4574 </listitem>
4575 </itemizedlist>
4576 </para>
4581 <para>
4582 This example builds a partitioning structure equivalent to the
4583 declarative partitioning example above. Use
4584 the following steps:
4587 <listitem>
4588 <para>
4591 define any check constraints on this table, unless you intend them
4592 to be applied equally to all child tables. There is no point in
4593 defining any indexes or unique constraints on it, either. For our
4595 table as originally defined:
4597 <programlisting>
4598 CREATE TABLE measurement (
4599 city_id int not null,
4600 logdate date not null,
4601 peaktemp int,
4602 unitsales int
4603 );
4604 </programlisting>
4605 </para>
4606 </listitem>
4608 <listitem>
4609 <para>
4611 the root table. Normally, these tables will not add any columns
4612 to the set inherited from the root. Just as with declarative
4613 partitioning, these tables are in every way normal
4615 </para>
4617 <para>
4618 <programlisting>
4619 CREATE TABLE measurement_y2006m02 () INHERITS (measurement);
4620 CREATE TABLE measurement_y2006m03 () INHERITS (measurement);
4621 ...
4622 CREATE TABLE measurement_y2007m11 () INHERITS (measurement);
4623 CREATE TABLE measurement_y2007m12 () INHERITS (measurement);
4624 CREATE TABLE measurement_y2008m01 () INHERITS (measurement);
4625 </programlisting>
4626 </para>
4627 </listitem>
4629 <listitem>
4630 <para>
4631 Add non-overlapping table constraints to the child tables to
4632 define the allowed key values in each.
4633 </para>
4635 <para>
4636 Typical examples would be:
4637 <programlisting>
4638 CHECK ( x = 1 )
4639 CHECK ( county IN ( 'Oxfordshire', 'Buckinghamshire', 'Warwickshire' ))
4641 </programlisting>
4642 Ensure that the constraints guarantee that there is no overlap
4643 between the key values permitted in different child tables. A common
4644 mistake is to set up range constraints like:
4645 <programlisting>
4648 </programlisting>
4649 This is wrong since it is not clear which child table the key
4650 value 200 belongs in.
4651 Instead, ranges should be defined in this style:
4653 <programlisting>
4654 CREATE TABLE measurement_y2006m02 (
4656 ) INHERITS (measurement);
4658 CREATE TABLE measurement_y2006m03 (
4660 ) INHERITS (measurement);
4662 ...
4663 CREATE TABLE measurement_y2007m11 (
4665 ) INHERITS (measurement);
4667 CREATE TABLE measurement_y2007m12 (
4669 ) INHERITS (measurement);
4671 CREATE TABLE measurement_y2008m01 (
4673 ) INHERITS (measurement);
4674 </programlisting>
4675 </para>
4676 </listitem>
4678 <listitem>
4679 <para>
4680 For each child table, create an index on the key column(s),
4681 as well as any other indexes you might want.
4682 <programlisting>
4683 CREATE INDEX measurement_y2006m02_logdate ON measurement_y2006m02 (logdate);
4684 CREATE INDEX measurement_y2006m03_logdate ON measurement_y2006m03 (logdate);
4685 CREATE INDEX measurement_y2007m11_logdate ON measurement_y2007m11 (logdate);
4686 CREATE INDEX measurement_y2007m12_logdate ON measurement_y2007m12 (logdate);
4687 CREATE INDEX measurement_y2008m01_logdate ON measurement_y2008m01 (logdate);
4688 </programlisting>
4689 </para>
4690 </listitem>
4692 <listitem>
4693 <para>
4694 We want our application to be able to say <literal>INSERT INTO
4695 measurement ...</literal> and have the data be redirected into the
4696 appropriate child table. We can arrange that by attaching
4697 a suitable trigger function to the root table.
4698 If data will be added only to the latest child, we can
4699 use a very simple trigger function:
4701 <programlisting>
4702 CREATE OR REPLACE FUNCTION measurement_insert_trigger()
4703 RETURNS TRIGGER AS $$
4704 BEGIN
4705 INSERT INTO measurement_y2008m01 VALUES (NEW.*);
4706 RETURN NULL;
4707 END;
4708 $$
4709 LANGUAGE plpgsql;
4710 </programlisting>
4711 </para>
4713 <para>
4714 After creating the function, we create a trigger which
4715 calls the trigger function:
4717 <programlisting>
4718 CREATE TRIGGER insert_measurement_trigger
4719 BEFORE INSERT ON measurement
4720 FOR EACH ROW EXECUTE FUNCTION measurement_insert_trigger();
4721 </programlisting>
4723 We must redefine the trigger function each month so that it always
4724 inserts into the current child table. The trigger definition does
4725 not need to be updated, however.
4726 </para>
4728 <para>
4729 We might want to insert data and have the server automatically
4730 locate the child table into which the row should be added. We
4731 could do this with a more complex trigger function, for example:
4733 <programlisting>
4734 CREATE OR REPLACE FUNCTION measurement_insert_trigger()
4735 RETURNS TRIGGER AS $$
4736 BEGIN
4739 INSERT INTO measurement_y2006m02 VALUES (NEW.*);
4742 INSERT INTO measurement_y2006m03 VALUES (NEW.*);
4743 ...
4746 INSERT INTO measurement_y2008m01 VALUES (NEW.*);
4747 ELSE
4748 RAISE EXCEPTION 'Date out of range. Fix the measurement_insert_trigger() function!';
4749 END IF;
4750 RETURN NULL;
4751 END;
4752 $$
4753 LANGUAGE plpgsql;
4754 </programlisting>
4756 The trigger definition is the same as before.
4759 </para>
4761 <para>
4762 While this function is more complex than the single-month case,
4763 it doesn't need to be updated as often, since branches can be
4764 added in advance of being needed.
4765 </para>
4767 <note>
4768 <para>
4769 In practice, it might be best to check the newest child first,
4770 if most inserts go into that child. For simplicity, we have
4771 shown the trigger's tests in the same order as in other parts
4772 of this example.
4773 </para>
4774 </note>
4776 <para>
4777 A different approach to redirecting inserts into the appropriate
4778 child table is to set up rules, instead of a trigger, on the
4779 root table. For example:
4781 <programlisting>
4782 CREATE RULE measurement_insert_y2006m02 AS
4783 ON INSERT TO measurement WHERE
4785 DO INSTEAD
4786 INSERT INTO measurement_y2006m02 VALUES (NEW.*);
4787 ...
4788 CREATE RULE measurement_insert_y2008m01 AS
4789 ON INSERT TO measurement WHERE
4791 DO INSTEAD
4792 INSERT INTO measurement_y2008m01 VALUES (NEW.*);
4793 </programlisting>
4795 A rule has significantly more overhead than a trigger, but the
4796 overhead is paid once per query rather than once per row, so this
4797 method might be advantageous for bulk-insert situations. In most
4798 cases, however, the trigger method will offer better performance.
4799 </para>
4801 <para>
4805 does fire triggers, so you can use it normally if you use the trigger
4806 approach.
4807 </para>
4809 <para>
4810 Another disadvantage of the rule approach is that there is no simple
4811 way to force an error if the set of rules doesn't cover the insertion
4812 date; the data will silently go into the root table instead.
4813 </para>
4814 </listitem>
4816 <listitem>
4817 <para>
4819 configuration parameter is not disabled in
4821 child tables may be accessed unnecessarily.
4822 </para>
4823 </listitem>
4824 </orderedlist>
4825 </para>
4827 <para>
4828 As we can see, a complex table hierarchy could require a
4829 substantial amount of DDL. In the above example we would be creating
4830 a new child table each month, so it might be wise to write a script that
4831 generates the required DDL automatically.
4832 </para>
4833 </sect3>
4837 <para>
4838 To remove old data quickly, simply drop the child table that is no longer
4839 necessary:
4840 <programlisting>
4841 DROP TABLE measurement_y2006m02;
4842 </programlisting>
4843 </para>
4845 <para>
4846 To remove the child table from the inheritance hierarchy table but retain access to
4847 it as a table in its own right:
4849 <programlisting>
4850 ALTER TABLE measurement_y2006m02 NO INHERIT measurement;
4851 </programlisting>
4852 </para>
4854 <para>
4855 To add a new child table to handle new data, create an empty child table
4856 just as the original children were created above:
4858 <programlisting>
4859 CREATE TABLE measurement_y2008m02 (
4861 ) INHERITS (measurement);
4862 </programlisting>
4864 Alternatively, one may want to create and populate the new child table
4865 before adding it to the table hierarchy. This could allow data to be
4866 loaded, checked, and transformed before being made visible to queries on
4867 the parent table.
4869 <programlisting>
4870 CREATE TABLE measurement_y2008m02
4871 (LIKE measurement INCLUDING DEFAULTS INCLUDING CONSTRAINTS);
4872 ALTER TABLE measurement_y2008m02 ADD CONSTRAINT y2008m02
4874 \copy measurement_y2008m02 from 'measurement_y2008m02'
4875 -- possibly some other data preparation work
4876 ALTER TABLE measurement_y2008m02 INHERIT measurement;
4877 </programlisting>
4878 </para>
4879 </sect3>
4884 <para>
4885 The following caveats apply to partitioning implemented using
4886 inheritance:
4887 <itemizedlist>
4888 <listitem>
4889 <para>
4890 There is no automatic way to verify that all of the
4892 exclusive. It is safer to create code that generates
4893 child tables and creates and/or modifies associated objects than
4894 to write each by hand.
4895 </para>
4896 </listitem>
4898 <listitem>
4899 <para>
4900 Indexes and foreign key constraints apply to single tables and not
4901 to their inheritance children, hence they have some
4903 </para>
4904 </listitem>
4906 <listitem>
4907 <para>
4908 The schemes shown here assume that the values of a row's key column(s)
4909 never change, or at least do not change enough to require it to move to another partition.
4912 If you need to handle such cases, you can put suitable update triggers
4913 on the child tables, but it makes management of the structure
4914 much more complicated.
4915 </para>
4916 </listitem>
4918 <listitem>
4919 <para>
4921 commands will automatically process all inheritance child tables. If
4923 A command like:
4924 <programlisting>
4925 ANALYZE ONLY measurement;
4926 </programlisting>
4927 will only process the root table.
4928 </para>
4929 </listitem>
4931 <listitem>
4932 <para>
4935 action is only taken in case of unique violations on the specified
4936 target relation, not its child relations.
4937 </para>
4938 </listitem>
4940 <listitem>
4941 <para>
4942 Triggers or rules will be needed to route rows to the desired
4943 child table, unless the application is explicitly aware of the
4944 partitioning scheme. Triggers may be complicated to write, and will
4945 be much slower than the tuple routing performed internally by
4946 declarative partitioning.
4947 </para>
4948 </listitem>
4949 </itemizedlist>
4950 </para>
4951 </sect3>
4952 </sect2>
4957 <indexterm>
4959 </indexterm>
4961 <para>
4963 that improves performance for declaratively partitioned tables.
4964 As an example:
4966 <programlisting>
4967 SET enable_partition_pruning = on; -- the default
4969 </programlisting>
4971 Without partition pruning, the above query would scan each of the
4973 partition pruning enabled, the planner will examine the definition
4974 of each partition and prove that the partition need not
4975 be scanned because it could not contain any rows meeting the query's
4978 plan.
4979 </para>
4981 <para>
4982 By using the EXPLAIN command and the <xref
4984 possible to show the difference between a plan for which partitions have
4985 been pruned and one for which they have not. A typical unoptimized
4986 plan for this type of table setup is:
4987 <programlisting>
4988 SET enable_partition_pruning = off;
4990 QUERY PLAN
4991 -------------------------------------------------------------------&zwsp;----------------
4998 ...
5005 </programlisting>
5007 Some or all of the partitions might use index scans instead of
5008 full-table sequential scans, but the point here is that there
5009 is no need to scan the older partitions at all to answer this query.
5010 When we enable partition pruning, we get a significantly
5011 cheaper plan that will deliver the same answer:
5012 <programlisting>
5013 SET enable_partition_pruning = on;
5015 QUERY PLAN
5016 -------------------------------------------------------------------&zwsp;----------------
5020 </programlisting>
5021 </para>
5023 <para>
5024 Note that partition pruning is driven only by the constraints defined
5025 implicitly by the partition keys, not by the presence of indexes.
5026 Therefore it isn't necessary to define indexes on the key columns.
5027 Whether an index needs to be created for a given partition depends on
5028 whether you expect that queries that scan the partition will
5029 generally scan a large part of the partition or just a small part.
5030 An index will be helpful in the latter case but not the former.
5031 </para>
5033 <para>
5034 Partition pruning can be performed not only during the planning of a
5035 given query, but also during its execution. This is useful as it can
5036 allow more partitions to be pruned when clauses contain expressions
5037 whose values are not known at query planning time, for example,
5039 value obtained from a subquery, or using a parameterized value on the
5040 inner side of a nested loop join. Partition pruning during execution
5041 can be performed at any of the following times:
5043 <itemizedlist>
5044 <listitem>
5045 <para>
5046 During initialization of the query plan. Partition pruning can be
5047 performed here for parameter values which are known during the
5048 initialization phase of execution. Partitions which are pruned
5049 during this stage will not show up in the query's
5051 It is possible to determine the number of partitions which were
5052 removed during this phase by observing the
5055 </para>
5056 </listitem>
5058 <listitem>
5059 <para>
5060 During actual execution of the query plan. Partition pruning may
5061 also be performed here to remove partitions using values which are
5062 only known during actual query execution. This includes values
5063 from subqueries and values from execution-time parameters such as
5064 those from parameterized nested loop joins. Since the value of
5065 these parameters may change many times during the execution of the
5066 query, partition pruning is performed whenever one of the
5067 execution parameters being used by partition pruning changes.
5068 Determining if partitions were pruned during this phase requires
5071 corresponding to different partitions may have different values
5072 for it depending on how many times each of them was pruned during
5074 if they were pruned every time.
5075 </para>
5076 </listitem>
5077 </itemizedlist>
5078 </para>
5080 <para>
5081 Partition pruning can be disabled using the
5083 </para>
5084 </sect2>
5089 <indexterm>
5091 </indexterm>
5093 <para>
5095 technique similar to partition pruning. While it is primarily used
5096 for partitioning implemented using the legacy inheritance method, it can be
5097 used for other purposes, including with declarative partitioning.
5098 </para>
5100 <para>
5101 Constraint exclusion works in a very similar way to partition
5104 pruning uses the table's partition bounds, which exist only in the
5105 case of declarative partitioning. Another difference is that
5106 constraint exclusion is only applied at plan time; there is no attempt
5107 to remove partitions at execution time.
5108 </para>
5110 <para>
5112 constraints, which makes it slow compared to partition pruning, can
5113 sometimes be used as an advantage: because constraints can be defined
5114 even on declaratively-partitioned tables, in addition to their internal
5115 partition bounds, constraint exclusion may be able
5116 to elide additional partitions from the query plan.
5117 </para>
5119 <para>
5120 The default (and recommended) setting of
5124 applied only to queries that are likely to be working on inheritance partitioned
5127 are unlikely to benefit.
5128 </para>
5130 <para>
5131 The following caveats apply to constraint exclusion:
5133 <itemizedlist>
5134 <listitem>
5135 <para>
5136 Constraint exclusion is only applied during query planning, unlike
5137 partition pruning, which can also be applied during query execution.
5138 </para>
5139 </listitem>
5141 <listitem>
5142 <para>
5144 clause contains constants (or externally supplied parameters).
5145 For example, a comparison against a non-immutable function such as
5147 planner cannot know which child table the function's value might fall
5148 into at run time.
5149 </para>
5150 </listitem>
5152 <listitem>
5153 <para>
5154 Keep the partitioning constraints simple, else the planner may not be
5155 able to prove that child tables might not need to be visited. Use simple
5156 equality conditions for list partitioning, or simple
5157 range tests for range partitioning, as illustrated in the preceding
5158 examples. A good rule of thumb is that partitioning constraints should
5159 contain only comparisons of the partitioning column(s) to constants
5160 using B-tree-indexable operators, because only B-tree-indexable
5161 column(s) are allowed in the partition key.
5162 </para>
5163 </listitem>
5165 <listitem>
5166 <para>
5167 All constraints on all children of the parent table are examined
5168 during constraint exclusion, so large numbers of children are likely
5169 to increase query planning time considerably. So the legacy
5170 inheritance based partitioning will work well with up to perhaps a
5171 hundred child tables; don't try to use many thousands of children.
5172 </para>
5173 </listitem>
5175 </itemizedlist>
5176 </para>
5177 </sect2>
5182 <para>
5183 The choice of how to partition a table should be made carefully, as the
5184 performance of query planning and execution can be negatively affected by
5185 poor design.
5186 </para>
5188 <para>
5189 One of the most critical design decisions will be the column or columns
5190 by which you partition your data. Often the best choice will be to
5191 partition by the column or set of columns which most commonly appear in
5194 with the partition bound constraints can be used to prune unneeded
5195 partitions. However, you may be forced into making other decisions by
5198 factor to consider when planning your partitioning strategy. An entire
5199 partition can be detached fairly quickly, so it may be beneficial to
5200 design the partition strategy in such a way that all data to be removed
5201 at once is located in a single partition.
5202 </para>
5204 <para>
5205 Choosing the target number of partitions that the table should be divided
5206 into is also a critical decision to make. Not having enough partitions
5207 may mean that indexes remain too large and that data locality remains poor
5208 which could result in low cache hit ratios. However, dividing the table
5209 into too many partitions can also cause issues. Too many partitions can
5210 mean longer query planning times and higher memory consumption during both
5211 query planning and execution, as further described below.
5212 When choosing how to partition your table,
5213 it's also important to consider what changes may occur in the future. For
5214 example, if you choose to have one partition per customer and you
5215 currently have a small number of large customers, consider the
5216 implications if in several years you instead find yourself with a large
5217 number of small customers. In this case, it may be better to choose to
5220 hoping that the number of customers does not increase beyond what it is
5221 practical to partition the data by.
5222 </para>
5224 <para>
5225 Sub-partitioning can be useful to further divide partitions that are
5226 expected to become larger than other partitions.
5227 Another option is to use range partitioning with multiple columns in
5228 the partition key.
5229 Either of these can easily lead to excessive numbers of partitions,
5230 so restraint is advisable.
5231 </para>
5233 <para>
5234 It is important to consider the overhead of partitioning during
5235 query planning and execution. The query planner is generally able to
5236 handle partition hierarchies with up to a few thousand partitions fairly
5237 well, provided that typical queries allow the query planner to prune all
5238 but a small number of partitions. Planning times become longer and memory
5239 consumption becomes higher when more partitions remain after the planner
5240 performs partition pruning. Another
5241 reason to be concerned about having a large number of partitions is that
5242 the server's memory consumption may grow significantly over
5243 time, especially if many sessions touch large numbers of partitions.
5244 That's because each partition requires its metadata to be loaded into the
5245 local memory of each session that touches it.
5246 </para>
5248 <para>
5249 With data warehouse type workloads, it can make sense to use a larger
5251 Generally, in data warehouses, query planning time is less of a concern as
5252 the majority of processing time is spent during query execution. With
5253 either of these two types of workload, it is important to make the right
5254 decisions early, as re-partitioning large quantities of data can be
5255 painfully slow. Simulations of the intended workload are often beneficial
5256 for optimizing the partitioning strategy. Never just assume that more
5257 partitions are better than fewer partitions, nor vice-versa.
5258 </para>
5259 </sect2>
5261 </sect1>
5266 <indexterm>
5268 </indexterm>
5269 <indexterm>
5271 </indexterm>
5272 <indexterm>
5274 </indexterm>
5276 <para>
5278 specification, allowing you to access data that resides outside
5279 PostgreSQL using regular SQL queries. Such data is referred to as
5281 with foreign keys, which are a type of constraint within the database.)
5282 </para>
5284 <para>
5285 Foreign data is accessed with help from a
5287 library that can communicate with an external data source, hiding the
5288 details of connecting to the data source and obtaining data from it.
5291 wrappers might be found as third party products. If none of the existing
5292 foreign data wrappers suit your needs, you can write your own; see <xref
5294 </para>
5296 <para>
5298 object, which defines how to connect to a particular external data source
5299 according to the set of options used by its supporting foreign data
5300 wrapper. Then you need to create one or more <firstterm>foreign
5301 tables</firstterm>, which define the structure of the remote data. A
5302 foreign table can be used in queries just like a normal table, but a
5303 foreign table has no storage in the PostgreSQL server. Whenever it is
5305 to fetch data from the external source, or transmit data to the external
5306 source in the case of update commands.
5307 </para>
5309 <para>
5310 Accessing remote data may require authenticating to the external
5311 data source. This information can be provided by a
5313 such as user names and passwords based
5315 </para>
5317 <para>
5318 For additional information, see
5324 </para>
5325 </sect1>
5330 <para>
5331 Tables are the central objects in a relational database structure,
5332 because they hold your data. But they are not the only objects
5333 that exist in a database. Many other kinds of objects can be
5334 created to make the use and management of the data more efficient
5335 or convenient. They are not discussed in this chapter, but we give
5336 you a list here so that you are aware of what is possible:
5337 </para>
5339 <itemizedlist>
5340 <listitem>
5341 <para>
5342 Views
5343 </para>
5344 </listitem>
5346 <listitem>
5347 <para>
5348 Functions, procedures, and operators
5349 </para>
5350 </listitem>
5352 <listitem>
5353 <para>
5354 Data types and domains
5355 </para>
5356 </listitem>
5358 <listitem>
5359 <para>
5360 Triggers and rewrite rules
5361 </para>
5362 </listitem>
5363 </itemizedlist>
5365 <para>
5366 Detailed information on
5368 </para>
5369 </sect1>
5377 </indexterm>
5382 </indexterm>
5384 <para>
5385 When you create complex database structures involving many tables
5386 with foreign key constraints, views, triggers, functions, etc. you
5387 implicitly create a net of dependencies between the objects.
5388 For instance, a table with a foreign key constraint depends on the
5389 table it references.
5390 </para>
5392 <para>
5393 To ensure the integrity of the entire database structure,
5395 drop objects that other objects still depend on. For example,
5396 attempting to drop the products table we considered in <xref
5398 it, would result in an error message like this:
5399 <screen>
5400 DROP TABLE products;
5402 ERROR: cannot drop table products because other objects depend on it
5403 DETAIL: constraint orders_product_no_fkey on table orders depends on table products
5404 HINT: Use DROP ... CASCADE to drop the dependent objects too.
5405 </screen>
5406 The error message contains a useful hint: if you do not want to
5407 bother deleting all the dependent objects individually, you can run:
5408 <screen>
5409 DROP TABLE products CASCADE;
5410 </screen>
5411 and all the dependent objects will be removed, as will any objects
5412 that depend on them, recursively. In this case, it doesn't remove
5413 the orders table, it only removes the foreign key constraint.
5414 It stops there because nothing depends on the foreign key constraint.
5418 </para>
5420 <para>
5423 the possible dependencies varies with the type of the object. You
5426 prevent dropping objects that any other objects depend on.
5427 </para>
5429 <note>
5430 <para>
5431 According to the SQL standard, specifying either
5434 enforces that rule, but whether the default behavior
5436 across systems.
5437 </para>
5438 </note>
5440 <para>
5443 dependencies outside the specified group. For example, when saying
5447 </para>
5449 <para>
5450 For a user-defined function or procedure whose body is defined as a string
5452 dependencies associated with the function's externally-visible properties,
5454 that could only be known by examining the function body. As an example,
5455 consider this situation:
5457 <programlisting>
5458 CREATE TYPE rainbow AS ENUM ('red', 'orange', 'yellow',
5459 'green', 'blue', 'purple');
5461 CREATE TABLE my_colors (color rainbow, note text);
5463 CREATE FUNCTION get_color_note (rainbow) RETURNS text AS
5464 'SELECT note FROM my_colors WHERE color = $1'
5465 LANGUAGE SQL;
5466 </programlisting>
5471 type: dropping the type would force dropping the function, because its
5475 the table is dropped. While there are disadvantages to this approach,
5476 there are also benefits. The function is still valid in some sense if the
5477 table is missing, though executing it would cause an error; creating a new
5478 table of the same name would allow the function to work again.
5479 </para>
5481 <para>
5482 On the other hand, for an SQL-language function or procedure whose body
5483 is written in SQL-standard style, the body is parsed at function
5484 definition time and all dependencies recognized by the parser are
5485 stored. Thus, if we write the function above as
5487 <programlisting>
5488 CREATE FUNCTION get_color_note (rainbow) RETURNS text
5489 BEGIN ATOMIC
5490 SELECT note FROM my_colors WHERE color = $1;
5491 END;
5492 </programlisting>
5496 </para>
5497 </sect1>
5499 </chapter>