Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sojjW-00DS5U-KV for pgsql-general@arkaria.postgresql.org; Thu, 12 Sep 2024 13:19:39 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sojjW-007xfy-43 for pgsql-general@arkaria.postgresql.org; Thu, 12 Sep 2024 13:19:38 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sojjV-007xfL-PB for pgsql-general@lists.postgresql.org; Thu, 12 Sep 2024 13:19:37 +0000 Received: from mail-yw1-x112b.google.com ([2607:f8b0:4864:20::112b]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sojjS-000o9W-Gs for pgsql-general@lists.postgresql.org; Thu, 12 Sep 2024 13:19:36 +0000 Received: by mail-yw1-x112b.google.com with SMTP id 00721157ae682-6da395fb97aso7896867b3.0 for ; Thu, 12 Sep 2024 06:19:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726147174; x=1726751974; darn=lists.postgresql.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=GIHrvmQ7cwrqd9kJPifgKhW2QgAh8Fua+NE91gez/pY=; b=WUG3lclJb6XE3B75Gy2iSWniahsb5FqR7ALqNES0j3zupCYQS2EFhtrnh44inoDVIX m39ap4pnreCLc5r7vLaGdyEbfxumQV/4jxj1+rZ1SFLPrn3otv9KgxSNCzcWSfD2FkmY HtDTcoIb8eaBq+kuMTdpI8y9dLYTs7XpaQlJGrW5Is25luYUMumW8DY0TMU43sSGZD5E 6kCHk7bO0H2u3Ck+ZNUPJzXZbnWJvQ5pOCR7LFrILDw1D2VuGoCIUFIIdrcUS9XxDbVd 50wLk+VEpKzfvoV0BDoQonlWqh6F0hK0nxG0iqvp3qZdJIf41HIMbpIJnpVnDDT/gs2y aUQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726147174; x=1726751974; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=GIHrvmQ7cwrqd9kJPifgKhW2QgAh8Fua+NE91gez/pY=; b=f3R9Wyc+XBShBAnBL3JQ/YyuGUqoQrqJQSGy14gKVVKyXuV+TDLmox+syrGmj2Tusy cTPheqdJMkyWr8XE0Jrc2Jp1LF4bTiwgFQdIWX1nJH+AChwB5t3NVmwc6UTJJsuidDCj vDnv2LVxoJL/vfFZS1AxbAkMQFTTsyL0ZCFr40pth/7vSqrLPP9PR658oXVWFL5k9aeQ jClZUs9lLa5+lKvC3iBHAofsA93TlmWWkSnyj8zDajOPwc/x0WfwAVVQaGbl1rQFuozW 1TRdV0azKzU8F4OUomw/6tGuthd4QALGfSgqPrAAiDR2SvbRCXkXwDiLqNbJlClLgLcr IZrQ== X-Gm-Message-State: AOJu0YyXaxW2NMrisZHpzunVExZRzRYV3DqbrWyQ8GalMrfU7gj8hgs4 ZoW2L8qIf1ARCvmT5/75xDXcEZTzVCTY4/u4OmMGDP/Yygrpsezmkk/zMYK2xZFJKWtOr1ya4Rm PzwsroicdmtfpS0k3fd5+47ZKaxrLosRy7lU= X-Google-Smtp-Source: AGHT+IHOztoj4WPbYmEAx7yJ5hqtqdYEATt0DgvgyN+TQzFkTwiH64mxolIIPskyUb7qxVLJ77gDN9F+NoXk2/uCtBU= X-Received: by 2002:a05:690c:300a:b0:6b7:a7b3:8da3 with SMTP id 00721157ae682-6dbb6b20707mr19073827b3.19.1726147173674; Thu, 12 Sep 2024 06:19:33 -0700 (PDT) MIME-Version: 1.0 From: Sanjay Minni Date: Thu, 12 Sep 2024 18:49:07 +0530 Message-ID: Subject: RLS and Table Inheritance To: "pgsql-generallists.postgresql.org" Content-Type: multipart/alternative; boundary="0000000000001dfa2c0621ebf5d6" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --0000000000001dfa2c0621ebf5d6 Content-Type: text/plain; charset="UTF-8" Hi, Do RLS policies defined at the parent, work on the child (in Table inheritance). At the parent I have a column 'site_id' with an RLS policy that only rows with site_id = current_setting(curr_site_id) would be accessible. However the policy defined at the parent does not work for me in inherited tables. Is it intended that way ? Is there a solution to reflect the RLS policy along the line of inheritance, else i have to redefine the RLS policy at each inherited table (a significant maintenance effort). In another post I see conflicting views on this https://www.postgresql.org/message-id/d094a87d-9d63-46c9-8c27-631f881b80fb@supportex.net . While the original post seemed to get a prototype working, the response says that RLS policy will not be inherited and needs to be reimplemented at each table. thanks Sanjay --0000000000001dfa2c0621ebf5d6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi,

Do RLS policies defined at the parent, work on the chi= ld (in Table inheritance).
At the parent I have a column 'site_id' = with an RLS policy that only rows with site_id =3D current_setting(curr_sit= e_id) would be accessible.=C2=A0
However the policy defined at the parent d= oes not work for me in inherited tables. Is it intended that way ?
Is there= a solution to reflect the RLS policy along the line of inheritance, else i= have to redefine the RLS policy at each inherited table (a significant mai= ntenance effort).

In another post I see conflicting views on this https://www.postgresql.org/message-id/d094a87d-9d63-4= 6c9-8c27-631f881b80fb@supportex.net.
While the original post seemed to = get a prototype working,=C2=A0 the response says that RLS policy will not b= e inherited and needs to be reimplemented at each table.

thanks=C2=A0<= /div>
= Sanjay


--0000000000001dfa2c0621ebf5d6--