ForbesLindesay/atdatabases

pg: querying when row level security enables

leftieFriele opened this issue · 1 comments

Querying a Postgres table which has Row Level Security enabled, what would be the best way of going about it.
Running two queries "solves" it but I was wondering if there is a better way? I can not find anything about this in the documentation.

let results
await pool.tx(async db => {
    await db.query(sql`SET someAuthId= '11111'`)
    results = await db.query(sql`select * from some_table`)
  }, {deferrable: true})

I'm not really familiar with row level security, but I would guess that if you're using it you will have to run that query to set the auth id any time you remove a connection from the pool.

You can return a value from the transaction, which does make the code a little cleaner/simpler (as well as improving TypeScript compatibility)

const results = await pool.tx(async db => {
  await db.query(sql`SET someAuthId= '11111'`)
  return await db.query(sql`select * from some_table`)
}, {deferrable: true})

If you don't want/need to wrap your query in a transaction, you can probably use:

const results = await pool.task(async db => {
  await db.query(sql`SET someAuthId= '11111'`)
  return await db.query(sql`select * from some_table`)
})

This ensures both queries run on the same connection, but does not wrap them in a transaction.