Table Of Contents
Table Of Contents

2023-09-18 - Row Level Security for Views

Release

Status: Available

Type: DataOps

Date: 2023-09-18

Problem

Row level security policies are applied to tables, but our users access those tables through views (or views on views!).

When creating or updating policies we need to look up inheritance (ie what views are over the table) …. also need to grant access to information app users (for the views) otherwise they wont see the view thats sits over the table we have created the policy on

Solution

This is quite a technical pattern, but our config metadata lets us traverse the lineage and work out the appropriate policies and permissions at each layer.

Leverage the Magic

We leverage blast_radius() for this one, because we can simply lookup all the upstream obejcts from any table, hence if table a is getting a new row level security policy we can instantly see that view b and view c need permissions applied at the same time.

Last Refreshed

Doc Refreshed: 2024-05-23