Data PostgreSQL Row-Level Security Policies

Status: public · Confidence: medium (0.685) · Basis: verified_sources

## TL;DR

PostgreSQL row-level security evidence tells data agents whether a missing row is absent, filtered by policy, or leaked by a path that bypassed database policy enforcement.

## Core Explanation

RLS changes the meaning of a query result. A `SELECT` that returns no rows may be correct for one role and incomplete for another. Agents need policy evidence before treating query output as the full table truth.

Useful evidence includes table RLS settings, active policies, policy command type, role, owner status, BYPASSRLS privileges, current user, session variables, application claims, and whether downstream caches, exports, or vector indexes preserve the same row filters.

## Source-Mapped Facts

- PostgreSQL documentation says row security policies can restrict which rows are returned or modified by normal queries. ([source](https://www.postgresql.org/docs/current/ddl-rowsecurity.html))
- PostgreSQL documentation says row-level security must be enabled on a table with ALTER TABLE ENABLE ROW LEVEL SECURITY. ([source](https://www.postgresql.org/docs/current/ddl-rowsecurity.html))
- PostgreSQL documentation says if row-level security is enabled but no policies exist for a table, a default-deny policy is used. ([source](https://www.postgresql.org/docs/current/ddl-rowsecurity.html))
- PostgreSQL CREATE POLICY documentation says a policy grants permission to select, insert, update, or delete rows that match policy expressions. ([source](https://www.postgresql.org/docs/current/sql-createpolicy.html))
- PostgreSQL CREATE POLICY documentation defines USING and WITH CHECK expressions for controlling visible and allowed rows. ([source](https://www.postgresql.org/docs/current/sql-createpolicy.html))

## Further Reading

- [PostgreSQL Row Security Policies](https://www.postgresql.org/docs/current/ddl-rowsecurity.html)
- [PostgreSQL CREATE POLICY](https://www.postgresql.org/docs/current/sql-createpolicy.html)