ATTACH RLS POLICY - Amazon Redshift


Attach a row-level security policy on a table to one or more users or roles.

Superusers and users or roles that have the sys:secadmin role can attach a policy.


ATTACH RLS POLICY policy_name ON [TABLE] table_name [, ...] TO { user_name | ROLE role_name | PUBLIC } [, ...]



The name of the policy.

ON [TABLE] table_name [, ...]

The relation that the row-level security policy is attached to.

TO { user_name | ROLE role_name | PUBLIC} [, ...]

Specifies whether the policy is attached to one or more specified users or roles.

Usage notes

When working with the ATTACH RLS POLICY statement, observe the following:

  • The table being attached should have all the columns listed in the WITH clause of the policy creation statement.

  • Amazon Redshift RLS supports attaching RLS policies to the following objects:

    • Tables

    • Views

    • Late-binding views

    • Materialized views

  • Amazon Redshift RLS doesn't support attaching RLS policies to the following objects:

    • Catalog tables

    • Cross-database relations

    • External tables

    • Temporary tables

    • Policy lookup tables

    • Materialized view base tables

  • RLS policies that are attached to superusers or to users with the sys:secadmin permission are ignored.


The following example attaches a policy on a table to a role.

ATTACH RLS POLICY policy_concerts ON tickit_category_redshift TO ROLE analyst, ROLE dbadmin;