https://tech.uvoo.io/index.php?action=history&feed=atom&title=RLS_example 2026-04-24T15:40:35Z Revision history for this page on the wiki MediaWiki 1.35.2 https://tech.uvoo.io/index.php?title=RLS_example&diff=5278&oldid=prev 2024-05-27T13:47:51Z

<p>Created page with &quot;# Simple Example ``` CREATE USER alice PASSWORD &#039;password&#039;; CREATE USER bob PASSWORD &#039;password&#039;; CREATE USER carol PASSWORD &#039;password&#039;; GRANT group_admin TO alice; GRANT group...&quot;</p> <p><b>New page</b></p><div># Simple Example<br /> ```<br /> CREATE USER alice PASSWORD 'password'; CREATE USER bob PASSWORD 'password'; CREATE USER carol PASSWORD 'password'; GRANT group_admin TO alice; GRANT group_user TO bob; GRANT group_manager TO carol;<br /> ```<br /> <br /> ```<br /> CREATE TABLE confidential_data ( id SERIAL PRIMARY KEY, data TEXT, user_groups TEXT[] ); INSERT INTO confidential_data (data, user_groups) VALUES ('Admin and Manager Data', ARRAY['group_admin', 'group_manager']), ('User Data', ARRAY['group_user']), ('Admin and User Data', ARRAY['group_admin', 'group_user']);<br /> ```<br /> <br /> ```<br /> ALTER TABLE confidential_data ENABLE ROW LEVEL SECURITY;<br /> ```<br /> <br /> ```<br /> CREATE POLICY group_policy ON confidential_data FOR SELECT USING (EXISTS ( SELECT 1 FROM unnest(user_groups) AS g WHERE g = ANY (SELECT rolname FROM pg_roles WHERE pg_has_role(current_user, oid, 'member')) ));<br /> ```<br /> <br /> ```<br /> ALTER TABLE confidential_data FORCE ROW LEVEL SECURITY;<br /> ```<br /> <br /> # Detailed Example<br /> <br /> ```<br /> CREATE ROLE group_admin; CREATE ROLE group_user; CREATE ROLE group_manager; CREATE USER alice PASSWORD 'password'; CREATE USER bob PASSWORD 'password'; CREATE USER carol PASSWORD 'password'; GRANT group_admin TO alice; GRANT group_user TO bob; GRANT group_manager TO carol;<br /> ```<br /> <br /> ```<br /> CREATE TABLE confidential_data ( id SERIAL PRIMARY KEY, data TEXT, user_groups TEXT[] ); INSERT INTO confidential_data (data, user_groups) VALUES ('Admin and Manager Data', ARRAY['group_admin', 'group_manager']), ('User Data', ARRAY['group_user']), ('Admin and User Data', ARRAY['group_admin', 'group_user']);<br /> ```<br /> <br /> ```<br /> ALTER TABLE confidential_data ENABLE ROW LEVEL SECURITY; CREATE POLICY group_policy ON confidential_data FOR SELECT USING (EXISTS ( SELECT 1 FROM unnest(user_groups) AS g WHERE g = ANY (SELECT rolname FROM pg_roles WHERE pg_has_role(current_user, oid, 'member')) )); ALTER TABLE confidential_data FORCE ROW LEVEL SECURITY;<br /> ```<br /> <br /> ```<br /> SET ROLE alice; SELECT * FROM confidential_data;<br /> Alice should see rows where user_groups contains group_admin.<br /> As Bob (group_user):<br /> <br /> SET ROLE bob; SELECT * FROM confidential_data;<br /> Bob should see rows where user_groups contains group_user.<br /> As Carol (group_manager):<br /> <br /> SET ROLE carol; SELECT * FROM confidential_data;<br /> Carol should see rows where user_groups contains group_manager.<br /> ```</div>

Busk