How it works...

Row-Level Security policies are created and dropped on a given table using the CREATE POLICY syntax. The Row-Level Security policy itself must also be enabled explicitly on the given table, because it is disabled by default.

In the previous example, we needed to grant privileges on the table or on the columns, in addition to creating the Row-Level Security policy. This is because Row-Level Security is not one more privilege to be added to the other; rather, it works like an additional check. In this sense, it is convenient that it is off by default, so that we have to create policies only on the tables where our access logic depends on the row contents.

Get PostgreSQL Administration Cookbook, 9.5/9.6 Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.