0

In my pg migrations, I execute the following SQL:

grant all on all tables in schema denolandia to my_user;
...<create-table>
alter table denolandia.packages force row level security;
create policy update_packages on denolandia.packages for insert
  with check (
    false
  );

When I log into Postgres as my_user via psql and do a \d on my schema, I see that on denolandia.packages table, the following is reported:

Policies (row security disabled):
  POLICY "update_packages" FOR INSERT
    WITH CHECK (false)

I just commanded force row level security, so why is my policy disabled?

Thanks!

cdaringe
  • 1,274
  • 2
  • 15
  • 33
  • 2
    Shouldn't be first enabled with the ALTER TABLE ENABLE ROW LEVEL SECURITY statement? – Abdel P. Jan 07 '19 at 06:35
  • good grief. yup, that was it. I was under the impression `force` was a stricter alternative to `enable`. indeed, _both_ are required :) – cdaringe Jan 07 '19 at 06:44
  • ps, this was a *similar question*, but not a duplicate question as referenced by a_horse_with_no_name. nowhere in my problem statement did I mention the table owner. in fact, my problem was observed by a role that was not the table owner. my role as described was `my_role`, but the table owner is `postgres` in this case. – cdaringe Jan 07 '19 at 06:48

0 Answers0