2023-09-18 - Row Level Security for Views¶
Problem¶
Row level security policies are applied to tables, but our users access those tables through views (or views on views!).
When creating or updating policies we need to look up inheritance (ie what views are over the table) …. also need to grant access to information app users (for the views) otherwise they wont see the view thats sits over the table we have created the policy on
Solution¶
This is quite a technical pattern, but our config metadata lets us traverse the lineage and work out the appropriate policies and permissions at each layer.
Leverage the Magic¶
We leverage blast_radius() for this one, because we can simply lookup all the upstream obejcts from any table, hence if table a is getting a new row level security policy we can instantly see that view b and view c need permissions applied at the same time.
Last Refreshed¶
Doc Refreshed: 2024-05-20