Trusted extension

An extension which can be installed by non-superusers

A trusted extension is an extension which can be installed by a non-superuser.

Trusted extensions were added in PostgreSQL 13.

Usage

Trusted extensions can be installed by any user with CREATE privileges on the current database, typically the database owner.

An extension can be marked as trusted by including the line

trusted = true

in its control file.

Currently it is only possible to determine whether an extension is trusted or not by examining its documentation or control file.

Trusted extensions should not be confused with trusted languages.

Change history

Examples

Normally a non-superuser is not able to create an extension:

postgres=> CREATE EXTENSION ltree;
ERROR:  permission denied to create extension "ltree"
HINT:  Must have CREATE privilege on current database to create this extension.

If the CREATE privilege is granted on the database, the extension can be created:

postgres=> \c - postgres
You are now connected to database "postgres" as user "postgres".

postgres=# GRANT CREATE ON DATABASE postgres TO foo;
GRANT

postgres=# \c - foo
You are now connected to database "postgres" as user "foo".

postgres=> CREATE EXTENSION ltree;
CREATE EXTENSION

Attempting to create an untrusted extension as a non-superuser:

postgres=> CREATE EXTENSION sslinfo;
ERROR:  permission denied to create extension "sslinfo"
HINT:  Must be superuser to create this extension.

Categories

Extension

See also

trusted language