Force row level security in postgres


I want to enforce Row-Level Security (RLS) for PostgreSQL with Row Security Policies for ALL users including admins and table owners:

ALTER ROLE postgres WITH NOBYPASSRLS; -- enforce for the superuser
ALTER TABLE items ENABLE ROW LEVEL SECURITY;
ALTER TABLE items FORCE ROW LEVEL SECURITY; -- enforce RLS for table owners

CREATE POLICY never_anything_policy ON items
FOR ALL -- cannot do anything
USING (false); -- never true

Still, I can query ALL items as user postgres.

Answer by Laurenz Albe (best answer)

Superusers are always exempt from row level security. The documentation says:

superuser status

A database superuser bypasses all permission checks, except the right to log in.

And further:

Superusers and roles with the BYPASSRLS attribute always bypass the row security system when accessing a table.

There is no point in trying to keep a superuser from seeing or doing something, but that is no problem. You don't use superusers for anything but administrative tasks anyway.
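
The behaviour described in this answer can be checked in a scratch database with the following added example, which is not part of the original question or answer. The role name app_owner, the two-column items table and its sample rows are assumptions; run it as a superuser.

```sql
-- Added example: app_owner, the table layout and the rows are assumptions.
-- A non-superuser role that will own the table.
CREATE ROLE app_owner LOGIN NOSUPERUSER NOBYPASSRLS;

CREATE TABLE items (id int PRIMARY KEY, name text);
INSERT INTO items VALUES (1, 'first'), (2, 'second');  -- constructed rows
ALTER TABLE items OWNER TO app_owner;

-- Same statements as in the question.
ALTER TABLE items ENABLE ROW LEVEL SECURITY;
ALTER TABLE items FORCE ROW LEVEL SECURITY;
CREATE POLICY never_anything_policy ON items
    FOR ALL
    USING (false);

-- Audit 1: roles that skip every policy, whatever FORCE says.
-- ALTER ROLE ... NOBYPASSRLS clears rolbypassrls but leaves rolsuper set,
-- which is why the statement in the question has no visible effect.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls
ORDER BY rolname;

-- Audit 2: confirm RLS is both enabled and forced on the table.
SELECT relname, relrowsecurity, relforcerowsecurity
FROM pg_class
WHERE oid = 'items'::regclass;

-- Superuser session: the policy is bypassed and the rows are visible.
SELECT current_user, * FROM items;

-- Table owner without SUPERUSER or BYPASSRLS: FORCE ROW LEVEL SECURITY
-- applies the policy, and USING (false) hides every row.
SET ROLE app_owner;
SELECT current_user, * FROM items;
RESET ROLE;

-- Clean up the scratch objects.
DROP TABLE items;
DROP ROLE app_owner;
```

Any role listed by the first audit query is outside the reach of row security policies, so application connections should use roles that do not appear there.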