warn-rls-policy-completeness

What It Detects

RLS policies should cover all operations (SELECT, INSERT, UPDATE, DELETE) to avoid silent access denial.

Why It's Dangerous

When RLS is enabled, any operation without a policy is silently denied — queries return zero rows instead of raising an error. Always create policies for all operations or use a FOR ALL policy.

Bad Example

ALTER TABLE posts ENABLE ROW LEVEL SECURITY;
CREATE POLICY posts_select ON posts FOR SELECT USING (true);
-- Missing INSERT, UPDATE, DELETE policies!

Good Example

ALTER TABLE posts ENABLE ROW LEVEL SECURITY;
CREATE POLICY posts_all ON posts FOR ALL USING (true);

Configuration

Disable this rule:

# .migrationpilotrc.yml
rules:
  MP079: false

Or change its severity:

# .migrationpilotrc.yml
rules:
  MP079:
    severity: warning