ATTACH RLS POLICY - Amazon Redshift
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

ATTACH RLS POLICY

Attach a row-level security policy on a table to one or more users or roles.

Superusers and users or roles that have the sys:secadmin role can attach a policy.

Syntax

ATTACH RLS POLICY policy_name ON [TABLE] table_name [, ...] TO { user_name | ROLE role_name | PUBLIC } [, ...]

Parameters

policy_name

The name of the policy.

ON [TABLE] table_name [, ...]

The relation that the row-level security policy is attached to.

TO { user_name | ROLE role_name | PUBLIC} [, ...]

Specifies whether the policy is attached to one or more specified users or roles.

Usage notes

When working with the ATTACH RLS POLICY statement, observe the following:

  • The table being attached should have all the columns listed in the WITH clause of the policy creation statement.

  • Amazon Redshift RLS supports attaching RLS policies to the following objects:

    • Tables

    • Views

    • Late-binding views

    • Materialized views

  • Amazon Redshift RLS doesn't support attaching RLS policies to the following objects:

    • Catalog tables

    • Cross-database relations

    • External tables

    • Temporary tables

    • Policy lookup tables

    • Materialized view base tables

  • RLS policies that are attached to superusers or to users with the sys:secadmin permission are ignored.

Examples

The following example attaches a policy on a table to a role.

ATTACH RLS POLICY policy_concerts ON tickit_category_redshift TO ROLE analyst, ROLE dbadmin;