满足以下条件之一的用户,rls对其无效
- superuser
- 表所有者
- bypassrls规则
- 确认表rls规则是否启用
1.superuser
--使用户失去superuser规则
alter user username with nosuperuser;
--使用户晋升为superuser
alter user username with superuser;
--查看用户是否为超级用户
select rolsuper from pg_roles where rolname = 'username';
2.表所有者:
--使表所有者强制执行rls规则
alter table tablename force row level security;
--查询表的rls是否对表所有者生效
select relname,relrowsecurity,relforcerowsecurity from pg_class where relrowsecurity=true;
3.bypassrls规则
--使用户bypassrls变成nobypassrls,从而遵从rls规则
alter user username with nobypassrls;
--查询用户是否跳过rls
select rolbypassrls from pg_roles where rolname = 'username';
4.表配置rls规则后,需确认表rls是否启用
--查看表是否启用rls使用:
select relname,relrowsecurity from pg_class where relname='tablename';
--启用/失效 tablename的rls
alter table tablename enable/disable row level security;