Postgres - new role with SELECT shows empty table, whereas superuser role shows data in same table

Question

thank for taking the time to try answer/understand this question.

I am using AWS Aurora Postgres (Engine version: 13.4) database. I referred to this document for creating readwrite and readonly roles for 2 new rdsiam users -> "dev_ro" and "dev_rw". I have granted readwrite role to "dev_rw" and readonly to "dev_ro". The additional changes are:

1. myschema is "public" - which is my default schema
2. I add the same permissions as "myschema" to another schema called "graphile_worker" (from graphile/worker - which is a job queue).

With this in mind, here is what I have done:

1. I run my application which adds some repeating jobs (jobs schedule itself), implying that the jobs table can never be empty
2. Connect to RDS using the IAM user (doesn't matter dev_ro or dev_rw)
3. I run SELECT * FROM graphile_worker.jobs in my IDE (dbeaver - shouldn't matter, I think)
4. The table shows up empty
5. Disconnect and Re-connect to RDS using superuser credentials (which are created when server is created)
6. Run same query as above
7. See data in the table

I don't know why this is happening. I double-checked, both "dev_ro/w" (through the roles) and superuser, have:

• CONNECT to database (without doubt)
• SELECT on all tables of graphile_worker schema
• USAGE on the graphile_worker schema
• Moreover, I can query graphile_worker.migrations and the migration records show up as expected (on both devro/w and superuser)!

Please let me know if there is any more information that I can provide to help debug this issue.

Answer 1

Removing Row-Level Security (RLS) solved this issue. Thanks @Hambone for asking the right question.

RLS is removed by executing

ALTER ROLE <username> WITH BYPASSRLS