Using whole row in Row Level Security policy

Question

I am using row level security with function, for example

CREATE POLICY person_select_policy ON core.person FOR SELECT USING (core.person_policy_check(id, 'read') = TRUE);

Is it possible to pass whole row to the function? So the function would have access to all columns of the row without having to name them all as arguments. That way the function could accept core.person as parameter or at least a record type.

score 1 · Accepted Answer · answered Dec 08 '22 at 10:33

Yes, that's possible. Declare a parameter with the type of the table:

create function core.person_policy_check(p_row core.person, p_access text)
  returns boolean
as
$$
begin
  if p_row.id = 42 then ..
end
$$
language plpgsql;

Then pass the row to the function:

CREATE POLICY person_select_policy 
   ON core.person 
   FOR SELECT USING (core.person_policy_check(person, 'read') = TRUE);

Using whole row in Row Level Security policy

1 Answers1