Trusted extension

An extension which can be installed by non-superusers

A trusted extension is an extension which can be installed by a non-superuser.

Trusted extensions were added in PostgreSQL 13.

Usage

Trusted extensions can be installed by any user with CREATE privileges on the current database, typically the database owner.

An extension can be marked as trusted by including the line

trusted = true

in its control file.

Currently it is only possible to determine whether an extension is trusted or not by examining its documentation or control file.

Trusted extensions should not be confused with trusted languages.

Change history

PostgreSQL 13
- extensions marked as trusted (commit eb67623c)
- added (commit 50fc694e)

Examples

Normally a non-superuser is not able to create an extension:

postgres=> CREATE EXTENSION ltree;
ERROR:  permission denied to create extension "ltree"
HINT:  Must have CREATE privilege on current database to create this extension.

If the CREATE privilege is granted on the database, the extension can be created:

postgres=> \c - postgres
You are now connected to database "postgres" as user "postgres".

postgres=# GRANT CREATE ON DATABASE postgres TO foo;
GRANT

postgres=# \c - foo
You are now connected to database "postgres" as user "foo".

postgres=> CREATE EXTENSION ltree;
CREATE EXTENSION

Attempting to create an untrusted extension as a non-superuser:

postgres=> CREATE EXTENSION sslinfo;
ERROR:  permission denied to create extension "sslinfo"
HINT:  Must be superuser to create this extension.

References

PostgreSQL documentation: Security Considerations for Extensions

Version charts

Useful overviews

Useful links

Contents

Trusted extension

Usage

Change history

Examples

References

Categories

See also