Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tAm4P-0003Xr-62 for pgsql-general@arkaria.postgresql.org; Tue, 12 Nov 2024 08:16:16 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tAm4L-0047m8-Sm for pgsql-general@arkaria.postgresql.org; Tue, 12 Nov 2024 08:16:14 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tAdYV-001AdL-8N for pgsql-general@lists.postgresql.org; Mon, 11 Nov 2024 23:10:47 +0000 Received: from mophilly.com ([206.214.166.96]) by magus.postgresql.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tAdYS-001R9t-6o for pgsql-general@postgresql.org; Mon, 11 Nov 2024 23:10:47 +0000 Received: (qmail 46307 invoked by uid 453); 11 Nov 2024 23:10:41 -0000 X-Virus-Checked: by ClamAV 0.103.11 on mophilly.com X-Virus-Found: No Authentication-Results: mophilly.com; auth=pass (plain) smtp.auth=mphillips Received: from wsip-98-173-51-151.sd.sd.cox.net (HELO smtpclient.apple) (98.173.51.151) by mophilly.com (qpsmtpd/0.96) with ESMTPSA (ECDHE-RSA-AES256-GCM-SHA384 encrypted); Mon, 11 Nov 2024 15:10:41 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=mophilly.com; h=from:content-type:content-transfer-encoding:mime-version:subject:message-id:date:to; s=default; bh=N8EhiYFxiXedSMFogj37GHHJKKZuh/gNGQegzvAvb6E=; b=VreBQEpEpwHlJYYsJNAsiGw4iMPVv1BiqnraHKTiZvgs4rOmpxcgVO2Kn2rSzs1XACBmWalP8922gyUSS0CezeUbfpMBEyx2dsOJEyq7lVPqaZ0kdHuxvVsunwZ3FboO14hjgKC2YxK7XCTEB0VuhNtCUUCQSIZoi6jBKFMXxEYo1WHr081LuaEj/7FyutzpmY8iWJ5u1rsqFsdN/lAjhtOxYtyQKs/RrbUlv2Za/J6ShYZYJoAjPvkSxb9qPGlwfGYq9SeeD5X51OkVaY+GdTtaWBcGjW75+CA2xaRItGxSrNyT51F+Z266XqRbTMSRMsSZ3nLrC1EeJ6NxjtCNPQ== From: Mark Phillips Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.200.121\)) Subject: create policy statement USING clause Message-Id: <054FBFBF-C87C-4C3C-B6F5-D5C09E6A7F1A@mophilly.com> Date: Mon, 11 Nov 2024 15:10:24 -0800 To: pgsql-general@postgresql.org X-Mailer: Apple Mail (2.3826.200.121) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk PostgreSQL 12 Given a table =E2=80=9Ccustomer=E2=80=9D with a column =E2=80=9Cdeadfiled=E2= =80=9D of the type boolean. The column deadfiled is used to indicate = that a row is =E2=80=9Cin the trash bin=E2=80=9D. The app has a window = that lists the contents of the =E2=80=9Ctrash bin=E2=80=9D, which any = rows with deadfiled =3D true. Row so marked should be excluded from = views and queries in all other cases when the current user has the role = =E2=80=9Capp_user". I thought I could use row level security (RLS) to filter out all the = deadfiled rows.=20 ALTER TABLE customer ENABLE ROW LEVEL SECURITY; CREATE POLICY filter_customer_deadfiled ON public.customer FOR SELECT TO app_staff USING ( NOT deadfiled ); However, that did not work as desired. I have read through a dozen = articles and posts online but haven=E2=80=99t figured out the USING = clause. To my surprise, this worked: CREATE POLICY customer_deadfiled ON public.customer AS PERMISSIVE FOR SELECT TO prm_staff USING (coalesce(deadfiled,false)=3Dfalse); So my question is specifically about the USING clause, but also more = broadly about this attempted application of RLS.=20 Links and advice accepted with gratitude. Mark=