Subject: Re: Row level security policy
From: Laurenz Albe
To: Mark Phillips, pgsql-general@lists.postgresql.org
Date: Thu, 14 Nov 2024 10:57:38 +0100

On Wed, 2024-11-13 at 17:33 -0800, Mark Phillips wrote:
> Given a database table with one policy statement FOR SELECT applied, is it necessary
> to apply additional policy statements for insert, update, and delete operations?
>
> My testing indicates that this is the case but I haven’t found an explanation of this
> requirement in the documentation.

https://www.postgresql.org/docs/current/ddl-rowsecurity.html says:

  When row security is enabled on a table (with ALTER TABLE ... ENABLE ROW LEVEL SECURITY),
  all normal access to the table for selecting rows or modifying rows must be allowed
  by a row security policy.

So if you only have a policy for SELECT, that's all you are allowed to do.

Yours,
Laurenz Albe
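
The default-deny behaviour described in the reply above, as an added example that is not part of the original message. The table "accounts", its columns and the role "app_user" are constructed for illustration; run it as a superuser (or a role allowed to SET ROLE app_user) in a scratch database.

```sql
-- Constructed schema: "accounts" and "app_user" are assumptions, not from the thread.
CREATE ROLE app_user;
CREATE TABLE accounts (
    id         int PRIMARY KEY,
    owner_name text NOT NULL,
    balance    numeric NOT NULL
);
INSERT INTO accounts VALUES (1, 'app_user', 100), (2, 'someone_else', 50);

-- Table privileges and row security are separate checks; both must pass.
GRANT SELECT, INSERT, UPDATE, DELETE ON accounts TO app_user;

-- From here on, every command needs a policy that allows it.
-- (The table owner, superusers and BYPASSRLS roles are exempt unless
--  ALTER TABLE ... FORCE ROW LEVEL SECURITY is also set for the owner.)
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;

-- The situation from the question: one policy, FOR SELECT only.
CREATE POLICY accounts_select ON accounts
    FOR SELECT TO app_user
    USING (owner_name = current_user);

SET ROLE app_user;
SELECT id, balance FROM accounts;                 -- only the caller's own row is visible
INSERT INTO accounts VALUES (3, 'app_user', 10);  -- rejected with an error: no INSERT policy
UPDATE accounts SET balance = 0 WHERE id = 1;     -- no error, but no row qualifies for UPDATE
DELETE FROM accounts WHERE id = 1;                -- no error, but no row qualifies for DELETE
RESET ROLE;

-- One policy per command restores the writes, still limited to the caller's rows.
CREATE POLICY accounts_insert ON accounts
    FOR INSERT TO app_user
    WITH CHECK (owner_name = current_user);
CREATE POLICY accounts_update ON accounts
    FOR UPDATE TO app_user
    USING (owner_name = current_user)        -- which existing rows may be updated
    WITH CHECK (owner_name = current_user);  -- what the row may look like afterwards
CREATE POLICY accounts_delete ON accounts
    FOR DELETE TO app_user
    USING (owner_name = current_user);

SET ROLE app_user;
INSERT INTO accounts VALUES (3, 'app_user', 10);  -- now allowed
UPDATE accounts SET balance = 0 WHERE id = 1;     -- now allowed for the caller's own row
UPDATE accounts SET balance = 0 WHERE id = 2;     -- still matches nothing: not the caller's row
RESET ROLE;
```

Note the asymmetry when testing: a missing INSERT policy fails loudly, while a missing UPDATE or DELETE policy simply matches no rows, so check affected-row counts rather than waiting for an error.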