# help
e
I'm kinda stuck writing such a policy:
```sql
CREATE POLICY "policy_companies_country_view"
ON companies_country_view
FOR SELECT USING (
  -- I want the id to be provided for SELECT to be allowed, i.e. 'WHERE id = xxx' required
  -- I don't want to allow the entire table to be seen, but only to allow a single line operation
);
```
Any idea?
a
This is not possible afaik. Policies aren't evaluated against the query, rather the row. One thing you can do is block select altogether, and use a `rpc` function to access one row at a time.
n
enti (2022-03-29)
e
ok thx @User. I just want to force the `id` argument on the API call at this point. any way to do that?
a
Not without modifying kong config or postgrest.
e
I guess that means I have to use a SSR frontend if I don't want people to be able to see my entire table
a
No, generally what you want to do is to use policies to restrict access based on ownership
"ownership" meaning who owns the data.
Then you write the front end code to access what you need for the view.
e
Well, there's no authentication. I only use the anon token. I just need to avoid any `SELECT *` on a specific table and only allow `SELECT * WHERE id = xx`. Which I guess I can contain with a SSR frontend
a
In that case, you can use a stored procedure as I mentioned initially
1. Make the select policy `using (false)`
2. Create a function to select one row,
```sql
CREATE FUNCTION getfoo(int) RETURNS SETOF foo AS $$
    SELECT * FROM foo WHERE fooid = $1;
$$ LANGUAGE SQL;
```
3. Call that function in the frontend using `rpc`
g
You also need to make that function "security definer"
e
ok thx, will go this way