ATTACH RLS POLICY
Attach a row-level security policy on a table to one or more users or roles.
Superusers and users or roles that have the sys:secadmin
role can attach a policy.
Syntax
ATTACH RLS POLICY policy_name ON [TABLE] table_name [, ...] TO { user_name | ROLE role_name | PUBLIC } [, ...]
Parameters
- policy_name
-
The name of the policy.
- ON [TABLE] table_name [, ...]
-
The relation that the row-level security policy is attached to.
- TO { user_name | ROLE role_name | PUBLIC} [, ...]
-
Specifies whether the policy is attached to one or more specified users or roles.
Usage notes
When working with the ATTACH RLS POLICY statement, observe the following:
-
The table being attached should have all the columns listed in the WITH clause of the policy creation statement.
-
Amazon Redshift RLS supports attaching RLS policies to the following objects:
-
Tables
-
Views
-
Late-binding views
-
Materialized views
-
-
Amazon Redshift RLS doesn't support attaching RLS policies to the following objects:
-
Catalog tables
-
Cross-database relations
-
External tables
-
Temporary tables
-
Policy lookup tables
-
Materialized view base tables
-
-
RLS policies that are attached to superusers or to users with the
sys:secadmin
permission are ignored.
Examples
The following example attaches a policy on a table to a role.
ATTACH RLS POLICY policy_concerts ON tickit_category_redshift TO ROLE analyst, ROLE dbadmin;