ALTER TABLE: Rule Management (Enable/Disable), Row-Level Security (Enable/Disable/Force), and Clustering

replicate the propagated data; so the trigger should not fire a second time on the replica, because that would lead to duplication. However, if a trigger is used for another purpose such as creating external alerts, then it might be appropriate to set it to <literal>ENABLE ALWAYS</literal> so that it is also fired on replicas. </para> <para> When this command is applied to a partitioned table, the states of corresponding clone triggers in the partitions are updated too, unless <literal>ONLY</literal> is specified. </para> <para> This command acquires a <literal>SHARE ROW EXCLUSIVE</literal> lock. </para> </listitem> </varlistentry> <varlistentry id="sql-altertable-desc-disable-enable-rule"> <term><literal>DISABLE</literal>/<literal>ENABLE [ REPLICA | ALWAYS ] RULE</literal></term> <listitem> <para> These forms configure the firing of rewrite rules belonging to the table. A disabled rule is still known to the system, but is not applied during query rewriting. The semantics are as for disabled/enabled triggers. This configuration is ignored for <literal>ON SELECT</literal> rules, which are always applied in order to keep views working even if the current session is in a non-default replication role. </para> <para> The rule firing mechanism is also affected by the configuration variable <xref linkend="guc-session-replication-role"/>, analogous to triggers as described above. </para> </listitem> </varlistentry> <varlistentry id="sql-altertable-desc-disable-enable-row-level-security"> <term><literal>DISABLE</literal>/<literal>ENABLE ROW LEVEL SECURITY</literal></term> <listitem> <para> These forms control the application of row security policies belonging to the table. If enabled and no policies exist for the table, then a default-deny policy is applied. Note that policies can exist for a table even if row-level security is disabled. In this case, the policies will <emphasis>not</emphasis> be applied and the policies will be ignored. See also <link linkend="sql-createpolicy"><command>CREATE POLICY</command></link>. </para> </listitem> </varlistentry> <varlistentry id="sql-altertable-desc-force-row-level-security"> <term><literal>NO FORCE</literal>/<literal>FORCE ROW LEVEL SECURITY</literal></term> <listitem> <para> These forms control the application of row security policies belonging to the table when the user is the table owner. If enabled, row-level security policies will be applied when the user is the table owner. If disabled (the default) then row-level security will not be applied when the user is the table owner. See also <link linkend="sql-createpolicy"><command>CREATE POLICY</command></link>. </para> </listitem> </varlistentry> <varlistentry id="sql-altertable-desc-cluster-on"> <term><literal>CLUSTER ON</literal></term> <listitem> <para> This form selects the default index for future <link linkend="sql-cluster"><command>CLUSTER</command></link> operations. It does not actually re-cluster the table. </para> <para> Changing cluster options acquires a <literal>SHARE UPDATE EXCLUSIVE</literal> lock. </para> </listitem> </varlistentry> <varlistentry id="sql-altertable-desc-set-without-cluster"> <term><literal>SET WITHOUT CLUSTER</literal></term> <listitem> <para> This form removes the most recently used <link linkend="sql-cluster"><command>CLUSTER</command></link> index specification from the table. This affects future cluster operations that don't specify an index. </para> <para> Changing cluster options acquires a <literal>SHARE UPDATE EXCLUSIVE</literal> lock. </para> </listitem>

This section covers ALTER TABLE's rule management features, including enabling and disabling rewrite rules, similar to triggers, and explains how replication roles affect rule firing. It also details row-level security controls, such as enabling or disabling row-level security policies and forcing row-level security for table owners. Finally, it describes how to set or remove the default index for future CLUSTER operations.