RLS + Security definer?
Hey!
I'm considering enabling RLS on all my tables without defining any policies, and then interacting with my data only through Postgres RPC functions that are marked as SECURITY DEFINER. In each function, I check at the beginning whether the requested data is accessible based on the auth.uid.
Is this a good practice, or is there a better recommended approach for handling access control in this scenario?
2 Replies
This seems like a workaround that uses something similar to the thing you are creating a workaround against. As a matter of fact, this feels like you are trying to design your own RLS inside of a Postgres function instead of just using RLS, which is already a feature of Postgres.
You're right...
Thank you bro
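The two approaches discussed in this thread, side by side, as an added example that is not part of the original posts. The table `public.notes`, its columns, the function `get_my_notes` and the policy names are hypothetical; `auth.uid()` and the `anon` and `authenticated` roles are the ones Supabase provides.

```sql
-- Hypothetical table used for both approaches.
create table public.notes (
  id      bigint generated always as identity primary key,
  user_id uuid not null default auth.uid(),
  body    text not null
);
alter table public.notes enable row level security;

-- Approach from the question: no policies, access only through a
-- SECURITY DEFINER function. The function runs with its owner's rights;
-- a table owner is not subject to RLS (unless FORCE ROW LEVEL SECURITY
-- is set), so the WHERE clause below is the only access control.
-- Every such function has to repeat it correctly.
create function public.get_my_notes()
returns setof public.notes
language sql
stable
security definer
set search_path = ''   -- pin the search path; all names are schema-qualified
as $$
  select * from public.notes where user_id = (select auth.uid());
$$;

-- Functions are executable by PUBLIC by default; restrict who can call it.
revoke execute on function public.get_my_notes() from public, anon;
grant  execute on function public.get_my_notes() to authenticated;

-- Approach from the reply: state the same rule once as RLS policies.
-- It then applies to every query path, not only to one function.
grant select, insert on public.notes to authenticated;

create policy notes_select_own on public.notes
  for select to authenticated
  using (user_id = (select auth.uid()));

create policy notes_insert_own on public.notes
  for insert to authenticated
  with check (user_id = (select auth.uid()));

-- With the policies in place a plain query is already filtered per user:
--   select * from public.notes;
```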