Is there anywhere with more complex examples of RLS policies? For example I need to write a policy or policies that involves 5 tables. vendors vendor_users users(auth) and vendor_user_roles. A user should only be able to edit vendors or has the admin role for.

The main thing to remember is RLS policy is just sql that returns true or false. Next thing to worry about is it likely will get run against every row in your protected table, so performance and complexity need to be considered.

Easiest way to create complex RLS policies would probably be to create a function that returns a boolean and then set that function call as the policy value. This also allows you to test the result directly (e.g. by simply

SELECT * FROM my_rls_policy_function()

in the SQL console) without having to deal with debugging RLS directly.

Also important to look at in Scott P case of using a function is if it constant when run for the whole table. You can then define the function as STABLE which means it will only run once instead of rerunning on every row.

@User What would be an example use case where you would define the function as STABLE.

On Stable... Basically if the result of the function does not change based on the data in the rows of the table it is protecting. For instance if you check a count column in the current table as part of the sql in the function then it can change for each row so is not stable. You want to try and keep that from happening if it is a table with many rows. Edit: and to be clear, you don't have to have a stable function, it just needs to be simple and fast if it is not and you have lots of rows.