ATTACH RLS POLICY - Amazon Redshift

ATTACH RLS POLICY

Attach a row-level security policy on a table to one or more users or roles.

Superusers and users or roles that have the sys:secadmin role can attach a policy.

Syntax

ATTACH RLS POLICY policy_name ON [TABLE] table_name [, ...] TO { user_name | ROLE role_name | PUBLIC } [, ...]

Parameters

policy_name

The name of the policy.

ON [TABLE] table_name [, ...]

The relation that the row-level security policy is attached to.

TO { user_name | ROLE role_name | PUBLIC} [, ...]

Specifies whether the policy is attached to one or more specified users or roles.

Usage notes

When working with the ATTACH RLS POLICY statement, observe the following:

  • The table being attached should have all the columns listed in the WITH clause of the policy creation statement.

  • Amazon Redshift RLS doesn't support attaching RLS policies to the following objects:

    • Catalog tables

    • Cross-database relations

    • External tables

    • Temporary tables

    • Lookup tables

  • You can't attach a RLS policy to superusers or to users with the sys:secadmin permission.

Examples

The following example attaches a policy on a table to a role.

ATTACH RLS POLICY policy_concerts ON tickit_category_redshift TO ROLE analyst, ROLE dbadmin;