How to handle RLS

Hi
We’ve enabled recently the row level security on my PSQL DB and we’ve created two policies: one which depends on our tenant_id and the second one which bypass the row level security.

We want to add the bypass policy to our Forest Admin so we can see/create/update/delete our data.
We thought about encapsulate all calls inside a transaction but we didn’t find how to do it.

Feature(s) impacted

All models are not anymore visible

Observed behavior

Models are not visible and we are not able to edit/create/delete data.

Expected behavior

Possibility to edit / create / update data.

Context

• Project name: Topo
• Team name: Topo
• Environment name: Staging
• Agent (forest package) name & version:

"@forestadmin/agent": "1.7.1",
"@forestadmin/datasource-sql": "1.2.0",

• Database type: Postgres

Thanks in advance!

Hey @Jeremy_Mathon , and welcome to our community,

Sorry for the delayed response.

From what I understand, wouldn’t this stackoverflow thread, in combination with a new database user with all permissions bypassing the RLS validation work in your case? I’m guessing that’s exactly what you already did though.

To debug this, you can set the log level of your agent to “Debug”, retrieve the SQL requests that are executed to retrieve the models and validate if the issue is about your postgres configuration or if this is agent-related.

If this can help, we also have this documentation draft that explains a bit more how the introspection process works with the datasource SQL.

We pretty much convinced that what you are trying to achieve should be do-able without any agent changes.

Let me know if that helps