Bird
0
0

You wrote this policy to allow users to update their own rows:

medium📝 Debug Q14 of 15
PostgreSQL - Roles and Security
You wrote this policy to allow users to update their own rows: 
CREATE POLICY update_own ON orders
FOR UPDATE USING (user_id = current_user);
But users report they can update other users' rows too. What is the likely problem?
AThe policy should use WITH CHECK instead of USING
BThe policy must be created with FOR SELECT, not FOR UPDATE
CThe current_user function is not supported in policies
DRow-level security is not enabled on the orders table
Step-by-Step Solution
Solution:

  1. Step 1: Check if RLS is enabled

    Policies only work if row-level security is enabled on the table; otherwise, they have no effect.

  2. Step 2: Understand the symptom

    If users can update rows despite the policy, likely RLS is disabled, ignoring policies and allowing full access.

  3. Final Answer:

    Row-level security is not enabled on the orders table -> Option D

  4. Quick Check:

    RLS must be enabled for policies to work [OK]
Quick Trick: Enable RLS to enforce policies [OK]
Common Mistakes:
  • Confusing USING and WITH CHECK clauses
  • Assuming current_user is unsupported
  • Creating policy for wrong command type

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More PostgreSQL Quizzes
Advanced PL/pgSQL - Exception handling (BEGIN-EXCEPTION-END) - Quiz 10hard Advanced PL/pgSQL - Cursor declaration and usage - Quiz 12easy Advanced PL/pgSQL - Exception handling (BEGIN-EXCEPTION-END) - Quiz 11easy Indexing Strategies - BRIN index for large sequential data - Quiz 15hard Roles and Security - Table-level permissions - Quiz 1easy Roles and Security - Column-level permissions - Quiz 8hard Table Partitioning - Hash partitioning for distribution - Quiz 5medium Table Partitioning - Sub-partitioning - Quiz 11easy Table Partitioning - Range partitioning by date - Quiz 13medium Triggers in PostgreSQL - Trigger for audit logging - Quiz 12easy