- 最新
- 投票最多
- 评论最多
Once a RLS policy is attached to a table then all access to the table goes through the policy. So you will need to have a restrictive policy for the user you want to restrict, and another permissive policy for everyone else so other can access the table.
IGNORE RLS
is one way to do this and it will work as long as you do not need to actually apply any other RLS policy to those users.
Better might be to create a separate permissive policy as shown in RLS blog example policy all_can_see
and use that instead.
To achieve this, you can utilize a combination of roles and RLS policies. Here's how you can do it:
Create a Role for the User:
First, create a role specifically for the user who needs restricted access to the data.
sql
CREATE ROLE restricted_user_role;
Create RLS Policy for the User: Define an RLS policy that restricts data access based on the specific criteria for the user.
sql
CREATE ROW LEVEL SECURITY POLICY rls_name ON schema.table_name FOR SELECT USING (id IN (1, 2, 3, 4));
Attach the RLS Policy to the User's Role: Attach the RLS policy to the role created for the user.
sql
ALTER TABLE schema.table_name ENABLE ROW LEVEL SECURITY;
ALTER TABLE schema.table_name FORCE ROW LEVEL SECURITY;
ALTER TABLE schema.table_name ENABLE ROW LEVEL SECURITY;
Grant the Role to the User: Grant the role containing the RLS policy to the specific user.
sql
GRANT restricted_user_role TO specific_user;
Grant Additional Access to Other Users: Grant access to the table for other users by assigning them roles that do not have the RLS policy attached.
sql
CREATE ROLE unrestricted_user_role; GRANT unrestricted_user_role TO other_user;
Ensure Other Users Have Sufficient Privileges: Make sure that other users have sufficient privileges to access the table. You might need to grant SELECT privileges directly to them or through appropriate roles.
sql
GRANT SELECT ON schema.table_name TO unrestricted_user_role;
相关内容
- AWS 官方已更新 2 年前