I want to enforce Row-Level Security (RLS) for PostgreSQL with Row Security Policies for ALL users including admins and table owners:
ALTER ROLE postgres WITH NOBYPASSRLS; -- enforce for the superuser
ALTER TABLE items ENABLE ROW LEVEL SECURITY;
ALTER TABLE items FORCE ROW LEVEL SECURITY; -- enforce RLS for table owners
CREATE POLICY never_anything_policy ON items
FOR ALL -- cannot do anything
USING (false); -- never true
Still, I can query ALL items as user postgres.
Superusers are always exempt from row level security. The documentation says:
superuser status
A database superuser bypasses all permission checks, except the right to log in.
And further:
Superusers and roles with the BYPASSRLS attribute always bypass the row security system when accessing a table.
There is no point in trying to keep a superuser from seeing or doing something, but that is no problem. You don't use superusers for anything but administrative tasks anyway.
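The behaviour described in the answer can be checked with the script below, which is an added example and not part of the original question or answer. It assumes a scratch database and a superuser session; the role `items_owner` and schema `rls_demo` are hypothetical names, and the sample rows are constructed.

```sql
-- Added example; rls_demo and items_owner are hypothetical names.
-- Run as a superuser in a scratch database; everything is rolled back.
BEGIN;

CREATE ROLE items_owner NOLOGIN NOSUPERUSER NOBYPASSRLS;
CREATE SCHEMA rls_demo AUTHORIZATION items_owner;

SET LOCAL ROLE items_owner;              -- act as the non-superuser table owner
CREATE TABLE rls_demo.items (id int PRIMARY KEY, name text);
INSERT INTO rls_demo.items VALUES (1, 'a'), (2, 'b');  -- constructed sample rows
ALTER TABLE rls_demo.items ENABLE ROW LEVEL SECURITY;
ALTER TABLE rls_demo.items FORCE ROW LEVEL SECURITY;   -- applies RLS to the owner
CREATE POLICY never_anything_policy ON rls_demo.items
    FOR ALL USING (false);

-- The owner must be filtered by the policy; abort if any row is visible.
DO $$
BEGIN
    IF (SELECT count(*) FROM rls_demo.items) <> 0 THEN
        RAISE EXCEPTION 'policy not applied to table owner';
    END IF;
END $$;

RESET ROLE;                              -- back to the superuser session

-- The superuser bypasses the same policy; abort if rows are hidden.
DO $$
BEGIN
    IF (SELECT count(*) FROM rls_demo.items) <> 2 THEN
        RAISE EXCEPTION 'expected superuser to bypass RLS';
    END IF;
END $$;

-- Audit: roles that bypass row security entirely.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls;

-- Audit: tables with RLS enabled but not forced (the owner still bypasses).
SELECT c.oid::regclass AS table_name
FROM pg_class c
WHERE c.relkind IN ('r', 'p') AND c.relrowsecurity AND NOT c.relforcerowsecurity;

ROLLBACK;
```

If both `DO` blocks pass silently, the policy binds the non-superuser owner and not the superuser; the two audit queries list the roles and tables that fall outside RLS enforcement.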