Abhijit Menon-Sen <ams@2ndQuadrant.com> writes:
> Earlier, I was using a combination of check and assign hooks to convert
> names to OIDs, but (as Andres pointed out) that would have problems with
> cache invalidations. I was even playing with caching membership lookups,
> but I ripped out all that code.
> In the attached patch, role_is_audited does all the hard work to split
> up the list of roles, look up the corresponding OIDs, and check if the
> user is a member of any of those roles. It works fine, but it doesn't
> seem desirable to repeat all that work for every statement.
> So does anyone have suggestions about how to make this faster?
Have you read the code in acl.c that caches lookup results for
role-is-member-of checks? Sounds pretty closely related.
regards, tom lane