RLS that a table can only be modified by a certain postgres function
Is it possible to write an RLS policy that restricts table update access unless the update is coming from a certain function?
I tried this:
CREATE POLICY "Public counters can be updated by decrement_function." ON counters
FOR UPDATE
USING (
(CURRENT_SETTING('app.current_function') = 'hidden_functions.decrement_counter')
);
Which seems to block access from non-authenticated update calls, but allows all functions to update it. But updates should only be allowed by the "decrement_counter" function.
Use case: I have a table with a counter and I only want to allow +1 and -1 operations if they are coming from a certain function which is part of a transaction.
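One way to get the restriction asked about above, as an added example that is not part of the original post: a custom setting such as `app.current_function` can be changed by any session with `SET` or `set_config()`, so it does not identify the caller, whereas table privileges combined with a `SECURITY DEFINER` function do. The roles `counter_owner` and `app_user` and the columns `id` and `value` are assumptions; only `counters` and `hidden_functions.decrement_counter` come from the question.

```sql
-- Hypothetical roles: counter_owner owns the table and the function,
-- app_user stands for whatever role the client requests run as.
CREATE ROLE counter_owner NOLOGIN;
CREATE ROLE app_user NOLOGIN;

CREATE SCHEMA hidden_functions AUTHORIZATION counter_owner;

-- Assumed table layout; the question does not show the columns.
CREATE TABLE public.counters (
    id    bigint  PRIMARY KEY,
    value integer NOT NULL DEFAULT 0
);
ALTER TABLE public.counters OWNER TO counter_owner;
ALTER TABLE public.counters ENABLE ROW LEVEL SECURITY;

-- Callers may read rows, but hold no write privilege and no write policy.
REVOKE INSERT, UPDATE, DELETE ON public.counters FROM PUBLIC, app_user;
GRANT SELECT ON public.counters TO app_user;
CREATE POLICY counters_read ON public.counters
    FOR SELECT TO app_user USING (true);

-- SECURITY DEFINER: the body runs as the function owner (counter_owner).
-- The table owner is not subject to RLS unless FORCE ROW LEVEL SECURITY is set.
-- search_path is pinned so the caller cannot redirect name resolution.
CREATE FUNCTION hidden_functions.decrement_counter(p_id bigint)
RETURNS integer
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
    UPDATE public.counters
       SET value = value - 1
     WHERE id = p_id
 RETURNING value;
$$;
ALTER FUNCTION hidden_functions.decrement_counter(bigint) OWNER TO counter_owner;

-- Functions are executable by PUBLIC by default; narrow that to the caller role.
REVOKE ALL ON FUNCTION hidden_functions.decrement_counter(bigint) FROM PUBLIC;
GRANT USAGE ON SCHEMA hidden_functions TO app_user;
GRANT EXECUTE ON FUNCTION hidden_functions.decrement_counter(bigint) TO app_user;

-- Constructed check: the function path is allowed, the direct write is refused.
INSERT INTO public.counters (id, value) VALUES (1, 10);
SET ROLE app_user;
SELECT hidden_functions.decrement_counter(1);      -- goes through the function
UPDATE public.counters SET value = 0 WHERE id = 1; -- no UPDATE privilege for app_user
RESET ROLE;
```

Any other function that should not touch the table must run as a role without UPDATE on `counters`; a `SECURITY DEFINER` function owned by the table owner or a superuser still gets through.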