Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tBYaN-004b0X-To for pgsql-general@arkaria.postgresql.org; Thu, 14 Nov 2024 12:04:31 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tBYaL-0036bM-9q for pgsql-general@arkaria.postgresql.org; Thu, 14 Nov 2024 12:04:29 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tBYaK-0036bE-TX for pgsql-general@lists.postgresql.org; Thu, 14 Nov 2024 12:04:29 +0000 Received: from mail.narocalifornia.org ([206.214.166.96] helo=mophilly.com) by magus.postgresql.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tBYaH-001t4n-BL for pgsql-general@lists.postgresql.org; Thu, 14 Nov 2024 12:04:28 +0000 Received: (qmail 44801 invoked by uid 453); 14 Nov 2024 12:04:22 -0000 X-Virus-Checked: by ClamAV 0.103.11 on mophilly.com X-Virus-Found: No Authentication-Results: mophilly.com; auth=pass (plain) smtp.auth=mphillips Received: from wsip-98-173-51-151.sd.sd.cox.net (HELO smtpclient.apple) (98.173.51.151) by mophilly.com (qpsmtpd/0.96) with ESMTPSA (ECDHE-RSA-AES256-GCM-SHA384 encrypted); Thu, 14 Nov 2024 04:04:22 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=mophilly.com; h=content-type:content-transfer-encoding:from:mime-version:subject:date:message-id:references:cc:in-reply-to:to; s=default; bh=VFDLHSRqM8janh6opp6/idoID/1HU7H19ITfpRIOF+E=; b=KgIftpbd75tTtObKdQHvbZli9G4VxQMhFjAKOILDm0kcdkadBm2yYkcZURBP6eBAv05v7imvWmYZ9F7Lsn69j20xLq45gpVsSRZAJrYrsAp8/KkBZww3r8qalRy1pfynkTo0BMkAYEmTq+gagW6ZJSy6gzG6hlNEJkUqF/MJ9LyD9qSq2zXDglBCtyTTXGiQnGaVngALNX39rT6vseVPes/xV+bvF6m9a58axkrkfT8VRDKnpD6gUsA2wn9ZMZlo3mYBDC3LYuflQ3KPYbygt2YC9y0ip7E7WjVjRWsqphlXqFu89yVtUrHsMYfrr9dbqBsSpC/wvcIlKZWd5+rMZA== Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Mark Phillips Mime-Version: 1.0 (1.0) Subject: Re: Row level security policy Date: Thu, 14 Nov 2024 04:04:00 -0800 Message-Id: <8DC107DB-1FE0-45F2-98D5-554B8EFAA990@mophilly.com> References: Cc: pgsql-general@lists.postgresql.org In-Reply-To: To: Laurenz Albe X-Mailer: iPad Mail (22A3370) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Thank you for clarifying this. I missed that even though it is there in the s= econd paragraph. - Mark, out and about. > On Nov 14, 2024, at 1:57=E2=80=AFAM, Laurenz Albe wrote: >=20 > =EF=BB=BFOn Wed, 2024-11-13 at 17:33 -0800, Mark Phillips wrote: >> Given a database table with one policy statement FOR SELECT applied, it i= s necessary >> to apply additional policy statements for insert, update, and delete oper= ations? >>=20 >> My testing indicates that this is case but I haven=E2=80=99t found an exp= lanation of this >> requirement in the documentation. >=20 > https://www.postgresql.org/docs/current/ddl-rowsecurity.html says: >=20 > When row security is enabled on a table (with ALTER TABLE ... ENABLE ROW L= EVEL SECURITY), > all normal access to the table for selecting rows or modifying rows must b= e allowed by > a row security policy. >=20 > So if you only have a policy for SELECT, that's all you are allowed to do.= >=20 > Yours, > Laurenz Albe