ATTACH RLS POLICY - Amazon Redshift
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Attach a row-level security policy on a table to one or more users or roles.

Superusers and users or roles that have the sys:secadmin role can attach a policy.


ATTACH RLS POLICY policy_name ON [TABLE] table_name [, ...] TO { user_name | ROLE role_name | PUBLIC } [, ...]



The name of the policy.

ON [TABLE] table_name [, ...]

The relation that the row-level security policy is attached to.

TO { user_name | ROLE role_name | PUBLIC} [, ...]

Specifies whether the policy is attached to one or more specified users or roles.

Usage notes

When working with the ATTACH RLS POLICY statement, observe the following:

  • The table being attached should have all the columns listed in the WITH clause of the policy creation statement.

  • Amazon Redshift RLS doesn't support attaching RLS policies to the following objects:

    • Catalog tables

    • Cross-database relations

    • External tables

    • Materialized views

    • Temporary tables

    • Lookup tables

  • You can't attach a RLS policy to superusers or to users with the sys:secadmin permission.


The following example attaches a policy on a table to a role.

ATTACH RLS POLICY policy_concerts ON tickit_category_redshift TO ROLE analyst, ROLE dbadmin;