How to use database function in RLS policy, which return a boolean?

Hello

I have created a function which return true or false based on a user_id and a permission_id, which means it return true if a user has a specific permission.

When running that function in the SQL console it return true. Just for test purposes I have also made a policy which with the specified parameters always should return true, but it does not!

The functions takes a valid permission_id and (for now) a hardcoded user_id (but valid).

I can confirm if I make a policy with a check called true, my RLS policy works, but when using this functions which always return true it doesn't. What am I doing wrong?

Picture 1&2 show two ways I have tried to add the function as a policy (with and without select) and the 3rd shows what the function returns (true).

The last picture shows the policy without select in the policy editor.

What am I missing, why isn't a function which always return true letting me bypass the RLS when a simple true does?
I must be missing something. but what?

Thank you guys!

ChristianOP•12/11/23, 12:48 PM

I now made a policy for INSERT which is a WITH CHECK, which still is not working.

garyaustin•12/11/23, 1:00 PM

You don’t show your function. Does it select from another table? If so the user has to meet that RLS or you need to make the function security definer type. Also any errors in the Postgres logs?

garyaustin•12/11/23, 1:02 PM

This https://github.com/GaryAustin1/custom-properties/blob/main/roles.sql shows some RLS and functions like you appear to be doing. Also pleas look at the proper way to setup your RLS and functions for performance shown there.

GitHub

custom-properties/roles.sql at main · GaryAustin1/custom-properties

Custom roles/teams/groups/claims using tables and a setof functions for RLS - GaryAustin1/custom-properties

ChristianOP•12/11/23, 1:43 PM

Hi @garyaustin , it might be irrelevant the function it self since I know it is working as intended. I have 10 tables, but this is the first table I'm actually implementing a policy, hence why it might not be working. And I an see i have RLS enable on the tables I query, but no policies. Thak you, I will try and look into it

ChristianOP•12/11/23, 1:46 PM

THANK YOU it is working now!! It was exactly the problem, the other tables.

garyaustin•12/11/23, 1:47 PM

If you plan to use this function in RLS for selects please take a look at the repository and the main readme. Performance will be terrible if you don't follow the tips.

How to use database function in RLS policy, which return a boolean?

Similar Threads

Similar Threads

Similar Threads