Row-level-security not working for Postgres internal tables

Asked Dec 13 '22 at 09:11

Active Jan 16 '23 at 11:23

Viewed 138 times

I wanted a work-around for the PostgreSQL limitation (Hide unrelated schema/tables structure for a user).

I decided to go with the Row-Level-Security(RLS). The RLS seems working as expected for the user tables but did work for the internal tables such as pg_catalog.pg_namespace.

The screenshot shows the original data in the pg_catalog.pg_namespace table without RLS enbled.

--logged-in as a SUPERUSER(postgres)

SET allow_system_table_mods=on;
ALTER TABLE pg_catalog.pgnamespace ENABLE ROW LEVEL SECURITY;
ALTER TABLE pg_catalog.pg_namespace FORCE ROW LEVEL SECURITY;

REVOKE ALL ON TABLE pg_catalog.pg_namespace FROM public, utkarsh;
GRANT ALL ON TABLE pg_catalog.pg_namespace TO utkarsh;

CREATE POLICY ensure_right_table ON pg_catalog.pg_namespace 
FOR ALL
USING ((pg_catalog.pg_namespace.nspacl::text = '{postgres=UC/postgres,utkarsh=UC/postgres}'));
--nspacl is not an unique column.

SET ROLE utkarsh;

SELECT * FROM pg_catalog.pg_namespace;
--I can still see all the rows

edited Jan 16 '23 at 11:23

asked Dec 13 '22 at 09:11

Utkarsh

Try to _connect_ as `utkarsh` instead of using `SET ROLE` – Dec 13 '22 at 09:14
No, this didn't work. – Utkarsh Dec 13 '22 at 09:24
I doubt you can mess with the system tables like that. – Bergi Jan 16 '23 at 14:06

Row-level-security not working for Postgres internal tables

0 Answers0