0

I want to enforce Row-Level Security (RLS) for PostgreSQL with Row Security Policies for ALL users including admins and table owners:

ALTER ROLE postgres WITH NOBYPASSRLS; -- enforce for the superuser
ALTER TABLE items ENABLE ROW LEVEL SECURITY;
ALTER TABLE items FORCE ROW LEVEL SECURITY; -- enforce RLS for table owners

CREATE POLICY never_anything_policy ON items
FOR ALL -- cannot do anything
USING (false); -- never true

Still, I can query ALL items as user postgres.

1 Answer

5

Superusers are always exempt from row level security. The documentation says:

superuser status

A database superuser bypasses all permission checks, except the right to log in.

And further:

Superusers and roles with the BYPASSRLS attribute always bypass the row security system when accessing a table.

There is no point in trying to keep a superuser from seeing or doing something, but that is no problem. You don't use superusers for anything but administrative tasks anyway.
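To see the exemption described in this answer, and to confirm that the policy from the question does bind a non-superuser table owner, the following is an added example and not part of the original question or answer. The role `app_owner` and the table `items_demo` are hypothetical names; the script is meant to be run as a superuser on a scratch database and rolls everything back.

```sql
-- Constructed demo; app_owner and items_demo are assumed names, not from the page.
BEGIN;

CREATE ROLE app_owner NOSUPERUSER NOBYPASSRLS;
CREATE TABLE items_demo (id int PRIMARY KEY, name text);
INSERT INTO items_demo VALUES (1, 'a'), (2, 'b');   -- constructed sample rows
ALTER TABLE items_demo OWNER TO app_owner;

-- Same settings as in the question.
ALTER TABLE items_demo ENABLE ROW LEVEL SECURITY;
ALTER TABLE items_demo FORCE ROW LEVEL SECURITY;    -- binds the table owner too
CREATE POLICY never_anything_policy ON items_demo
    FOR ALL
    USING (false);

-- 1) As the superuser: RLS is not applied, both rows are visible.
SELECT current_user,
       row_security_active('items_demo')  AS rls_active,
       (SELECT count(*) FROM items_demo)  AS visible_rows;

-- 2) As the non-superuser owner: FORCE makes the policy apply, no rows are visible.
SET LOCAL ROLE app_owner;
SELECT current_user,
       row_security_active('items_demo')  AS rls_active,
       (SELECT count(*) FROM items_demo)  AS visible_rows;
RESET ROLE;

-- 3) Audit: every role listed here bypasses all row security policies.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls
ORDER BY rolname;

-- 4) Audit: tables where RLS is enabled but not forced, so the owner is exempt.
SELECT c.oid::regclass AS table_name,
       pg_get_userbyid(c.relowner) AS owner
FROM pg_class c
WHERE c.relkind IN ('r', 'p')
  AND c.relrowsecurity
  AND NOT c.relforcerowsecurity;

ROLLBACK;  -- removes the demo role, table and policy
```

Queries 3 and 4 are the ones to keep for a real database: the application should connect as a role that appears in neither result.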
