Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1u8F2p-00Gixs-4F
	for pgsql-general@arkaria.postgresql.org; Fri, 25 Apr 2025 09:08:27 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1u8F2m-008fAG-TS
	for pgsql-general@arkaria.postgresql.org; Fri, 25 Apr 2025 09:08:25 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ddevienne@gmail.com>)
	id 1u8F2m-008fA2-II
	for pgsql-general@lists.postgresql.org; Fri, 25 Apr 2025 09:08:25 +0000
Received: from mail-oo1-xc31.google.com ([2607:f8b0:4864:20::c31])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <ddevienne@gmail.com>)
	id 1u8F2j-001w7x-30
	for pgsql-general@lists.postgresql.org;
	Fri, 25 Apr 2025 09:08:24 +0000
Received: by mail-oo1-xc31.google.com with SMTP id 006d021491bc7-603fd257386so535878eaf.1
        for <pgsql-general@lists.postgresql.org>; Fri, 25 Apr 2025 02:08:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1745572100; x=1746176900; darn=lists.postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=6Q9lBKCv9YN9ilpBE0PlsOwAYyK7Rvuh2s1TlixHfqc=;
        b=mQB1uzimNVH/lKX1xZ2CjvvVGg84B69ndqrBufyeFgGUZMNWDhmpI7XMGXMydz2mX5
         Ty+Q+zPpvIJBpbXrn8GOkp56tFjl1GJrvCAJk7S2TLUpvlh/+7YVGWTX1enYxMcrjbm6
         p1FxBwQzTdyK+9FMIiuVekDMdYzr5vYZTQiaUEdZkizz8ZGnzTi1Eo4pVpY3YzG5YHFn
         DRVrUqi4KUQH57FbxkFMTH2NaQTGqVaYCHcXZ9+vzp0XIPfMATlwdCxQUVctuJZvwG0L
         lmVGQFUb0eFSH3uVQXl9Idhya27IzRlE9aymx1R9RySdWmRGbDPGXSqLjq+x6swqp3BE
         BXRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1745572100; x=1746176900;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=6Q9lBKCv9YN9ilpBE0PlsOwAYyK7Rvuh2s1TlixHfqc=;
        b=AoR6+HjJd3lmKzSWXtjixxsgNE2SsKoqfwmqBPFkGRmUckeHTMKfzT114rongjI04A
         ++6hg7l9C9r4HDzPOwIsRh7SyqmAecvW824gQOvsg2nLGXSVSkwmQdQ9CDyYsm0WEOmX
         CGVageAf9VqkY61VtkQrwv04RgPb/guyGy6nJpnS7wnXeoG7dmrDQ1jZTVPpF7l93e4c
         mKXS/qJZ1bHElrg9pRArlsIxADESKVc8W7UdFy1t85zXV2zA7hQ9SzVpMb9dr5d7PlY+
         ZESh23AjClRAwxQL5WmROzjzM+im8e5L4pL1s+dw5rSCTvjdlwcWqJf9uZY0IDFfsXhu
         QoTQ==
X-Gm-Message-State: AOJu0YzP6J3ibeoWxXVHV+KLm4ktQ26tI2rj1sIejzioidYH6fpifh75
	TN3jt1gJ1gRv/wrHDPm3+QErzRXfMZdkCrpIySN6QwbmtRgHR2iRdoRRo61r40gPhqtS9IQz3TE
	oOGIcudkoSlaFII7KCoBcoh1Bq+0=
X-Gm-Gg: ASbGncsb8G+REcuYf6JRHK6ulEYbj1nGVYbqzYCIoTVwWLRpR5+x0mDbPlxRNHxXeqA
	hAHee8830lcotZR1G6eSNLNMN14axjeOEScGRr7wUmaNXk3qgTcMAEC4iw/gSFTs0ovzxgML0wm
	LyoK72Nb1wmn/2dtOgI/qbrdt4
X-Google-Smtp-Source: AGHT+IHIabEftTF7xqYbWplBwbhaimI2kvxxU6UcoYM4RlnSifp1PdAsXlk7oaoov3W8omW777U5fmNWXwy1Dx0w+yA=
X-Received: by 2002:a05:6820:4b92:b0:603:fd3b:aef6 with SMTP id
 006d021491bc7-60652c4fa90mr569485eaf.8.1745572100599; Fri, 25 Apr 2025
 02:08:20 -0700 (PDT)
MIME-Version: 1.0
References: <CAMH-PzUPN7JcLXJx-aJzGnJD2T-aSMo8gaMFkzO_x26urpMqSA@mail.gmail.com>
In-Reply-To: <CAMH-PzUPN7JcLXJx-aJzGnJD2T-aSMo8gaMFkzO_x26urpMqSA@mail.gmail.com>
From: Dominique Devienne <ddevienne@gmail.com>
Date: Fri, 25 Apr 2025 11:07:48 +0200
X-Gm-Features: ATxdqUHQBwFBIACV84-z5sPIasBwpXRA9ZcorKZ4piS8HYFaK5ct82Vvur5yG30
Message-ID: <CAFCRh--FkPkFQeP7ucr2seyXGPd0jTjcdWLS43s+4WYqk5weNw@mail.gmail.com>
Subject: Re: Clarification on RLS policy
To: Vydehi Ganti <rayudugs@gmail.com>
Cc: pgsql-general@lists.postgresql.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAFCRh--FkPkFQeP7ucr2seyXGPd0jTjcdWLS43s%2B4WYqk5weNw%40mail.gmail.com>
Precedence: bulk

On Fri, Apr 25, 2025 at 9:09=E2=80=AFAM Vydehi Ganti <rayudugs@gmail.com> w=
rote:
> We are presently using Postgresql:PostgreSQL 15.12 on x86_64-pc-linux-gnu=
, compiled by gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-23), 64-bit
> I have a scenario where
> 1.I need to enforce RLS policy on a table for Select by calling a Functio=
n
> 2.The function would return a character varying string which should be ap=
pended to the select as a filter.
> Ex: Select * from employee would be appended with where 1=3D1;
> 3.When we try to implement it says the below error.
> ERROR: invalid input syntax for type boolean: "1=3D1" CONTEXT: PL/pgSQL f=
unction function name(name,name) while casting return value to function's r=
eturn type
> 4.It works fine on Oracle. Can you please suggest how to fix this issue?

In PostgreSQL, you won't have to resort to the 1=3D1 trick like on Oracle.

    // One RLS is active, it is an implicit DENY on all DML types.
    // So we must explicitly allow SELECTs, using a dummy `USING (true)` po=
licy.
    // Note that we use ALL, and not just SELECT, because we used RESTRICTI=
VE
    // on the UPDATE policy (needs at last one PERMISSIVE policy)
    CREATE POLICY rls_pass_thru ON {} FOR ALL USING (true)

(replace {} with a table name). --DD