| From: | Dominique Devienne <ddevienne(at)gmail(dot)com> |
|---|---|
| To: | Vydehi Ganti <rayudugs(at)gmail(dot)com> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Clarification on RLS policy |
| Date: | 2025-04-25 09:07:48 |
| Message-ID: | CAFCRh--FkPkFQeP7ucr2seyXGPd0jTjcdWLS43s+4WYqk5weNw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Apr 25, 2025 at 9:09 AM Vydehi Ganti <rayudugs(at)gmail(dot)com> wrote:
> We are presently using Postgresql:PostgreSQL 15.12 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-23), 64-bit
> I have a scenario where
> 1.I need to enforce RLS policy on a table for Select by calling a Function
> 2.The function would return a character varying string which should be appended to the select as a filter.
> Ex: Select * from employee would be appended with where 1=1;
> 3.When we try to implement it says the below error.
> ERROR: invalid input syntax for type boolean: "1=1" CONTEXT: PL/pgSQL function function name(name,name) while casting return value to function's return type
> 4.It works fine on Oracle. Can you please suggest how to fix this issue?
In PostgreSQL, you won't have to resort to the 1=1 trick like on Oracle.
// One RLS is active, it is an implicit DENY on all DML types.
// So we must explicitly allow SELECTs, using a dummy `USING (true)` policy.
// Note that we use ALL, and not just SELECT, because we used RESTRICTIVE
// on the UPDATE policy (needs at last one PERMISSIVE policy)
CREATE POLICY rls_pass_thru ON {} FOR ALL USING (true)
(replace {} with a table name). --DD
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laurenz Albe | 2025-04-25 12:43:22 | Re: Clarification on RLS policy |
| Previous Message | Achilleas Mantzios - cloud | 2025-04-25 08:35:30 | Re: Clarification on RLS policy |