Policy Exists RLS Disabled
Level: INFO
Rationale
In Postgres, Row Level Security (RLS) policies control access to rows in a table based on the executing user. Policies can be created, but will not be enforced until the table is updated to enable row level security. Failing to enable row level security is a common misconfiguration that can lead to data leaks.
How to Resolve
To enable existing policies on a table execute:
1 |
|
Example
Given the schema:
1 2 3 4 5 6 7 8 9 |
|
A user may incorrectly believe that their policies are being applied. Before the policies will take effect, we first must enable row level security on the underlying table.
1 |
|