diff --git a/doc/src/sgml/ref/pg_dump.sgml b/doc/src/sgml/ref/pg_dump.sgml
index 1975054d7bfb..0ae40f9be58d 100644
--- a/doc/src/sgml/ref/pg_dump.sgml
+++ b/doc/src/sgml/ref/pg_dump.sgml
@@ -1105,6 +1105,15 @@ PostgreSQL documentation
+
+
+
+
+ Do not dump row security policies.
+
+
+
+
diff --git a/doc/src/sgml/ref/pg_dumpall.sgml b/doc/src/sgml/ref/pg_dumpall.sgml
index c2fa5be95193..ae5afb3c7d53 100644
--- a/doc/src/sgml/ref/pg_dumpall.sgml
+++ b/doc/src/sgml/ref/pg_dumpall.sgml
@@ -441,6 +441,15 @@ exclude database PATTERN
+
+
+
+
+ Do not dump row security policies.
+
+
+
+
diff --git a/doc/src/sgml/ref/pg_restore.sgml b/doc/src/sgml/ref/pg_restore.sgml
index 199ea3345f30..351401878078 100644
--- a/doc/src/sgml/ref/pg_restore.sgml
+++ b/doc/src/sgml/ref/pg_restore.sgml
@@ -723,6 +723,16 @@ PostgreSQL documentation
+
+
+
+
+ Do not output commands to restore row security policies, even if
+ the archive contains them.
+
+
+
+
diff --git a/src/bin/pg_dump/pg_backup.h b/src/bin/pg_dump/pg_backup.h
index e783cc68d892..ada80c6cf9a8 100644
--- a/src/bin/pg_dump/pg_backup.h
+++ b/src/bin/pg_dump/pg_backup.h
@@ -111,6 +111,7 @@ typedef struct _restoreOptions
int column_inserts;
int if_exists;
int no_comments; /* Skip comments */
+ int no_policies; /* Skip row security policies */
int no_publications; /* Skip publication entries */
int no_security_labels; /* Skip security label entries */
int no_subscriptions; /* Skip subscription entries */
@@ -183,6 +184,7 @@ typedef struct _dumpOptions
int no_comments;
int no_security_labels;
int no_publications;
+ int no_policies; /* Skip row security policies */
int no_subscriptions;
int no_toast_compression;
int no_unlogged_table_data;
diff --git a/src/bin/pg_dump/pg_backup_archiver.c b/src/bin/pg_dump/pg_backup_archiver.c
index 7480e122b61f..82d51c89ac67 100644
--- a/src/bin/pg_dump/pg_backup_archiver.c
+++ b/src/bin/pg_dump/pg_backup_archiver.c
@@ -188,6 +188,7 @@ dumpOptionsFromRestoreOptions(RestoreOptions *ropt)
dopt->disable_dollar_quoting = ropt->disable_dollar_quoting;
dopt->dump_inserts = ropt->dump_inserts;
dopt->no_comments = ropt->no_comments;
+ dopt->no_policies = ropt->no_policies;
dopt->no_publications = ropt->no_publications;
dopt->no_security_labels = ropt->no_security_labels;
dopt->no_subscriptions = ropt->no_subscriptions;
@@ -2966,6 +2967,12 @@ _tocEntryRequired(TocEntry *te, teSection curSection, ArchiveHandle *AH)
if (ropt->no_comments && strcmp(te->desc, "COMMENT") == 0)
return 0;
+ /* If it's a policy, maybe ignore it */
+ if (ropt->no_policies &&
+ (strcmp(te->desc, "POLICY") == 0 ||
+ strcmp(te->desc, "ROW SECURITY") == 0))
+ return 0;
+
/*
* If it's a publication or a table part of a publication, maybe ignore
* it.
diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
index c371570501ac..b5d5a6cdd217 100644
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -508,6 +508,7 @@ main(int argc, char **argv)
{"no-toast-compression", no_argument, &dopt.no_toast_compression, 1},
{"no-unlogged-table-data", no_argument, &dopt.no_unlogged_table_data, 1},
{"no-sync", no_argument, NULL, 7},
+ {"no-policies", no_argument, &dopt.no_policies, 1},
{"on-conflict-do-nothing", no_argument, &dopt.do_nothing, 1},
{"rows-per-insert", required_argument, NULL, 10},
{"include-foreign-data", required_argument, NULL, 11},
@@ -1259,6 +1260,7 @@ help(const char *progname)
printf(_(" --load-via-partition-root load partitions via the root table\n"));
printf(_(" --no-comments do not dump comment commands\n"));
printf(_(" --no-data do not dump data\n"));
+ printf(_(" --no-policies do not dump row security policies\n"));
printf(_(" --no-publications do not dump publications\n"));
printf(_(" --no-schema do not dump schema\n"));
printf(_(" --no-security-labels do not dump security label assignments\n"));
@@ -4215,6 +4217,10 @@ dumpPolicy(Archive *fout, const PolicyInfo *polinfo)
if (!dopt->dumpSchema)
return;
+ /* Skip if --no-policies was specified */
+ if (dopt->no_policies)
+ return;
+
/*
* If polname is NULL, then this record is just indicating that ROW LEVEL
* SECURITY is enabled for the table. Dump as ALTER TABLE ENABLE
diff --git a/src/bin/pg_dump/pg_dumpall.c b/src/bin/pg_dump/pg_dumpall.c
index e08672425263..2935cac2c467 100644
--- a/src/bin/pg_dump/pg_dumpall.c
+++ b/src/bin/pg_dump/pg_dumpall.c
@@ -101,6 +101,7 @@ static int no_table_access_method = 0;
static int no_tablespaces = 0;
static int use_setsessauth = 0;
static int no_comments = 0;
+static int no_policies = 0;
static int no_publications = 0;
static int no_security_labels = 0;
static int no_data = 0;
@@ -173,6 +174,7 @@ main(int argc, char *argv[])
{"use-set-session-authorization", no_argument, &use_setsessauth, 1},
{"no-comments", no_argument, &no_comments, 1},
{"no-data", no_argument, &no_data, 1},
+ {"no-policies", no_argument, &no_policies, 1},
{"no-publications", no_argument, &no_publications, 1},
{"no-role-passwords", no_argument, &no_role_passwords, 1},
{"no-schema", no_argument, &no_schema, 1},
@@ -457,6 +459,8 @@ main(int argc, char *argv[])
appendPQExpBufferStr(pgdumpopts, " --no-comments");
if (no_data)
appendPQExpBufferStr(pgdumpopts, " --no-data");
+ if (no_policies)
+ appendPQExpBufferStr(pgdumpopts, " --no-policies");
if (no_publications)
appendPQExpBufferStr(pgdumpopts, " --no-publications");
if (no_security_labels)
@@ -681,6 +685,7 @@ help(void)
printf(_(" --load-via-partition-root load partitions via the root table\n"));
printf(_(" --no-comments do not dump comment commands\n"));
printf(_(" --no-data do not dump data\n"));
+ printf(_(" --no-policies do not dump row security policies\n"));
printf(_(" --no-publications do not dump publications\n"));
printf(_(" --no-role-passwords do not dump passwords for roles\n"));
printf(_(" --no-schema do not dump schema\n"));
diff --git a/src/bin/pg_dump/pg_restore.c b/src/bin/pg_dump/pg_restore.c
index 13e4dc507e04..d947b2d20680 100644
--- a/src/bin/pg_dump/pg_restore.c
+++ b/src/bin/pg_dump/pg_restore.c
@@ -74,6 +74,7 @@ main(int argc, char **argv)
static int use_setsessauth = 0;
static int no_comments = 0;
static int no_data = 0;
+ static int no_policies = 0;
static int no_publications = 0;
static int no_schema = 0;
static int no_security_labels = 0;
@@ -129,6 +130,7 @@ main(int argc, char **argv)
{"use-set-session-authorization", no_argument, &use_setsessauth, 1},
{"no-comments", no_argument, &no_comments, 1},
{"no-data", no_argument, &no_data, 1},
+ {"no-policies", no_argument, &no_policies, 1},
{"no-publications", no_argument, &no_publications, 1},
{"no-schema", no_argument, &no_schema, 1},
{"no-security-labels", no_argument, &no_security_labels, 1},
@@ -385,6 +387,7 @@ main(int argc, char **argv)
opts->noTablespace = outputNoTablespaces;
opts->use_setsessauth = use_setsessauth;
opts->no_comments = no_comments;
+ opts->no_policies = no_policies;
opts->no_publications = no_publications;
opts->no_security_labels = no_security_labels;
opts->no_subscriptions = no_subscriptions;
@@ -505,6 +508,7 @@ usage(const char *progname)
printf(_(" --no-data do not restore data\n"));
printf(_(" --no-data-for-failed-tables do not restore data of tables that could not be\n"
" created\n"));
+ printf(_(" --no-policies do not restore row level security policies\n"));
printf(_(" --no-publications do not restore publications\n"));
printf(_(" --no-schema do not restore schema\n"));
printf(_(" --no-security-labels do not restore security labels\n"));
diff --git a/src/bin/pg_dump/t/002_pg_dump.pl b/src/bin/pg_dump/t/002_pg_dump.pl
index c7bffc1b0453..4c674232fae8 100644
--- a/src/bin/pg_dump/t/002_pg_dump.pl
+++ b/src/bin/pg_dump/t/002_pg_dump.pl
@@ -579,6 +579,13 @@
'postgres',
],
},
+ no_policies => {
+ dump_cmd => [
+ 'pg_dump', '--no-sync',
+ "--file=$tempdir/no_policies.sql",
+ '--no-policies', 'postgres',
+ ],
+ },
no_privs => {
dump_cmd => [
'pg_dump', '--no-sync',
@@ -803,6 +810,7 @@
no_toast_compression => 1,
no_large_objects => 1,
no_owner => 1,
+ no_policies => 1,
no_privs => 1,
no_statistics => 1,
no_table_access_method => 1,
@@ -1328,6 +1336,7 @@
unlike => {
exclude_dump_test_schema => 1,
exclude_test_table => 1,
+ no_policies => 1,
only_dump_measurement => 1,
},
},
@@ -2948,6 +2957,7 @@
unlike => {
exclude_dump_test_schema => 1,
exclude_test_table => 1,
+ no_policies => 1,
only_dump_measurement => 1,
},
},
@@ -2969,6 +2979,7 @@
unlike => {
exclude_dump_test_schema => 1,
exclude_test_table => 1,
+ no_policies => 1,
only_dump_measurement => 1,
},
},
@@ -2990,6 +3001,7 @@
unlike => {
exclude_dump_test_schema => 1,
exclude_test_table => 1,
+ no_policies => 1,
only_dump_measurement => 1,
},
},
@@ -3011,6 +3023,7 @@
unlike => {
exclude_dump_test_schema => 1,
exclude_test_table => 1,
+ no_policies => 1,
only_dump_measurement => 1,
},
},
@@ -3032,6 +3045,7 @@
unlike => {
exclude_dump_test_schema => 1,
exclude_test_table => 1,
+ no_policies => 1,
only_dump_measurement => 1,
},
},
@@ -3053,6 +3067,7 @@
unlike => {
exclude_dump_test_schema => 1,
exclude_test_table => 1,
+ no_policies => 1,
only_dump_measurement => 1,
},
},