Live policy viewer
Reads pg_policies on the deployed database via a public view (v_public_policies). The page proves the deployed policies are exactly what these docs claim — no static snapshot can drift.
public.audit_events
| Policy | Cmd | Roles | USING | WITH CHECK |
|---|
| audit_events_insert_cb_audit_writer | INSERT | cb_audit_writer | — | true |
| audit_events_select | SELECT | public |
CASE
WHEN app_private.has_workspace_role(workspace_id, 'admin'::workspace_role) THEN true
WHEN app_private.has_workspace_role(workspace_id, 'member'::workspace_role) THEN (actor_id = auth.uid())
ELSE false
END | — |
public.processed_stripe_events
| Policy | Cmd | Roles | USING | WITH CHECK |
|---|
| processed_stripe_events_insert | INSERT | public | — | false |
| processed_stripe_events_select | SELECT | public | false | — |
public.step_up_codes
| Policy | Cmd | Roles | USING | WITH CHECK |
|---|
| step_up_codes_no_user_access | ALL | public | false | false |
public.subscriptions
| Policy | Cmd | Roles | USING | WITH CHECK |
|---|
| subscriptions_delete | DELETE | public | false | — |
| subscriptions_update | UPDATE | public | false | false |
| subscriptions_insert | INSERT | public | — | false |
| subscriptions_select | SELECT | public | app_private.has_workspace_role(workspace_id, 'admin'::workspace_role) | — |
public.tasks
| Policy | Cmd | Roles | USING | WITH CHECK |
|---|
| tasks_delete | DELETE | public | app_private.has_workspace_role(workspace_id, 'admin'::workspace_role) | — |
| tasks_update | UPDATE | public | app_private.has_workspace_role(workspace_id, 'member'::workspace_role) | (app_private.has_workspace_role(workspace_id, 'member'::workspace_role) AND app_private.workspace_is_writable(workspace_id)) |
| tasks_insert | INSERT | public | — | (app_private.has_workspace_role(workspace_id, 'member'::workspace_role) AND (created_by = auth.uid()) AND app_private.workspace_is_writable(workspace_id)) |
| tasks_select | SELECT | public | app_private.is_workspace_member(workspace_id) | — |
public.workspace_invitations
| Policy | Cmd | Roles | USING | WITH CHECK |
|---|
| workspace_invitations_update | UPDATE | public | false | — |
| workspace_invitations_insert | INSERT | public | — | false |
| workspace_invitations_select | SELECT | public | app_private.has_workspace_role(workspace_id, 'admin'::workspace_role) | — |
public.workspace_members
| Policy | Cmd | Roles | USING | WITH CHECK |
|---|
| members_update | UPDATE | public | app_private.has_workspace_role(workspace_id, 'admin'::workspace_role) | app_private.has_workspace_role(workspace_id, 'admin'::workspace_role) |
| members_insert | INSERT | public | — | false |
| members_select | SELECT | public | (((user_id = auth.uid()) AND (removed_at IS NULL)) OR app_private.has_workspace_role(workspace_id, 'admin'::workspace_role)) | — |
public.workspaces
| Policy | Cmd | Roles | USING | WITH CHECK |
|---|
| workspaces_update | UPDATE | public | ((deleted_at IS NULL) AND app_private.has_workspace_role(id, 'owner'::workspace_role)) | ((deleted_at IS NULL) AND app_private.has_workspace_role(id, 'owner'::workspace_role)) |
| workspaces_insert | INSERT | public | — | ((created_by = auth.uid()) AND (deleted_at IS NULL)) |
| workspaces_select | SELECT | public | ((deleted_at IS NULL) AND app_private.is_workspace_member(id)) | — |