Re: Can row level security policies also be implemented for views?

Caleb,

* Caleb Meredith (calebmeredith8@gmail.com) wrote:
> I'm developing an application where strict control of my data is important.
> Views allow me to build a strict custom reading experience, allowing me to
> add computed columns and hide private and metadata columns. Row level
> security allows me strict write control of my data. However, I can't use
> both technologies together, why?

The short and simple answer is that it simply hasn't been done yet.

> It seems easy conceptually, RLS just adds a WHERE clause to queries if I'm
> not mistaken, and conceptually a view is just a query. The CURRENT_USER
> issue is valid, but personally it's not too big for me as most auth is done
> through database parameters.

The hard part is making sure that what happens when there are policies
on views actually makes sense and works as users expect.

Thanks!

Stephen