Newer
Older
CREATE SCHEMA demo;
CREATE TABLE demo.private_rows (
value varchar(255),
policy varchar(255),
"group" varchar(255)
);
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value1', 'FREE', '');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value2', 'FREE', '');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value3', 'PRIV', 'VLKB.group1');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value4', 'PRIV', 'VLKB.group1');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value5', 'PRIV', 'VLKB.group2');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value6', 'PRIV', 'VLKB.group2');
-- WARNING: always create a new role because Row Level Security doesn't work for table owner
CREATE ROLE tap WITH LOGIN PASSWORD 'demo';
GRANT USAGE ON SCHEMA demo TO tap;
GRANT SELECT ON demo.private_rows TO tap;
ALTER TABLE demo.private_rows ENABLE ROW LEVEL SECURITY;
CREATE POLICY filter_rls_policy ON demo.private_rows FOR ALL TO PUBLIC USING (policy = 'FREE' OR "group" = ANY(current_setting('my.tap_groups', true)::varchar[]));