This section describes the system management functions used by the confidentiality management feature. All functions abort the transaction on failure.
Note
Be careful when performing operations that involve deleting confidentiality groups.
If you remove a confidentiality group along with a confidentiality group role, you simply no longer have the role that can access the confidentiality object. However, when you leave the confidentiality group role, the function revokes privileges from the confidentiality group role. The privilege to revoke is the privilege defined in confidentiality privileges.
The pgx_get_privileges_on_matrix function may output a very large table if the number of confidentiality objects or roles is large. If the size of this table exceeds the value of PostgreSQL's work_mem parameter, I/O will occur according to PostgreSQL's specifications and will be slow. To prevent this, it is recommended that work_mem be set as high as possible in the session in which this function is executed.
