Artur,
* Artur Dudnik (adudnik@gmail.com) wrote:
> > Try creating the view as the 'test' user and you'll see that then acces=
sing
> the table through the view will result in the RLS policy being applied.
>=20
> Sure, you are right.
>=20
> Excuse me for stupid question, but may be you will describe how I can
> create view for table with restricted access to rows per roles?
You can create the view as a role with a restricted set of access, as
described.
Alternatively, you can create a view owned by a role who has
unrestricted access to the table (such as the table owner) and then
implement the per-row restrictions there using WHERE and making the view
a security barrier view.
As with the regular GRANT system, it isn't possible to use the logged-in
role to perform access permission checks on a table which is being
queried through a view.
We may add support for defining policies on views in the future, but
that won't be until at least 9.7.
Thanks!
Stephen