Posted On: Jul 12, 2022

Amazon Redshift now supports Row-Level Security (RLS), a new enhancement that simplifies design and implementation of fine-grained access to the rows in tables. With RLS, you can restrict access to a subset of rows within a table based on the users’ job role or permissions and level of data sensitivity with SQL commands. By combining column-level access control and RLS, Amazon Redshift customers can provide comprehensive protection by enforcing granular access to their data.

Amazon Redshift already supported enforcing row-level policies on Amazon Redshift Spectrum tables using AWS Lake Formation. With this release, as a security administrator, you can create a RLS policy for a table that allows access to perform database operations, such as SELECT, DELETE, and UPDATE on a subset of rows defined by the RLS policies. Amazon Redshift allows you to apply the same RLS policy to multiple tables with common column names thus simplifying development and testing of RLS policies. After the policies are created, attach them to the users or roles and turn on RLS on the table to enforce the policies. Row-level access control allows users to enforce RLS policies for restricting data access when queries are run. Once RLS is turned on in a table, a user who doesn’t have a RLS policy applied cannot access any records of the table. Multiple RLS policies can be attached to the same role, and users can have multiple roles which have RLS policies associated with them.

RLS is now available in most AWS Regions where Amazon Redshift is available. You can find more information about RLS from the Amazon Redshift database developer guide, and blog.