Advanced Track • Views
Advanced Views & Virtual Tables
By the end of this lesson you'll know exactly which views you can write through and which you can't — and how to fix the ones you can't. You'll build updatable views guarded by WITH CHECK OPTION, lock data down with security views, and make a complex join view writable with an INSTEAD OF trigger.
What You'll Learn
- ✓Which views are auto-updatable (and the exact rules)
- ✓Guard writes with WITH CHECK OPTION so rows can't escape
- ✓Build security views that hide columns and rows
- ✓Use security_invoker / security-barrier to stop data leaks
- ✓Know why join & aggregate views are read-only
- ✓Make complex views writable with INSTEAD OF triggers
Our Sample Tables: products & orders
Every example uses this products table — plus a small orders table for the join examples. Knowing the data is half of writing good SQL.
Result:
| id | product_name | category | price | stock |
|---|---|---|---|---|
| 1 | Wireless Mouse | Electronics | 24.99 | 120 |
| 2 | Coffee Mug | Kitchen | 9.5 | 300 |
| 3 | Mechanical Keyboard | Electronics | 79 | 45 |
| 4 | Notebook | Stationery | 3.25 | 500 |
| 5 | Desk Lamp | Home | 32 | 80 |
| 6 | USB-C Cable | Electronics | 12.99 | 200 |
And a tiny orders table — each row links to a product by product_id:
Result:
| id | product_id | quantity | order_date |
|---|---|---|---|
| 101 | 1 | 2 | 2026-06-10 |
| 102 | 3 | 1 | 2026-06-11 |
| 103 | 6 | 5 | 2026-06-12 |
1. Updatable Views & the Auto-Updatable Rules
A view is a saved SELECT that behaves like a virtual table — it stores no data and re-runs its query every time you read it. The surprise for many people: you can also write through a view, and the change lands in the real table underneath. PostgreSQL allows this automatically when the view is simple enough to map each result row back to exactly one base-table row.
🪟 Real-world analogy
An updatable view is a window onto a table. You can reach through the window to move things on the shelf behind it — but only if the window shows one clear shelf. A view that summarises many shelves (an aggregate) is more like a security camera: great for looking, impossible to reach through.
A view is auto-updatable only when it: reads exactly one table in FROM; has no GROUP BY, HAVING, DISTINCT, LIMIT, OFFSET, UNION/INTERSECT/EXCEPT; and uses no aggregate or window functions and no sub-query in the SELECT list. Break any of those and the view turns read-only.
A simple, auto-updatable view
Create a single-table view and read from it.
-- A view is a saved SELECT that behaves like a virtual table.
-- It stores no data of its own — it re-runs its query every time.
CREATE VIEW v_in_stock AS
SELECT id, product_name, category, price, stock
FROM products
WHERE stock > 0;
-- Query it exactly like a table:
SELECT product_name, stock FROM v_in_stock;
-- Because this view reads ONE table and adds no GROUP BY,
-- DISTINCT, or aggregates, the database marks it "auto-updatable":
-- you can INSERT / UPDATE / DELETE through it.Result — v_in_stock — all 6 products have stock > 0:
| product_name | stock |
|---|---|
| Wireless Mouse | 120 |
| Coffee Mug | 300 |
| Mechanical Keyboard | 45 |
| … | … |
Because v_in_stock reads one table with no grouping, the database lets you write through it. Each statement below changes the real products row:
Writing through a view
UPDATE, INSERT, and DELETE pass through to products.
-- UPDATE through the view — it rewrites the real products row.
UPDATE v_in_stock
SET price = 21.99
WHERE product_name = 'Wireless Mouse';
-- INSERT through the view — the new row lands in products.
INSERT INTO v_in_stock (product_name, category, price, stock)
VALUES ('Laptop Stand', 'Home', 39.00, 50);
-- DELETE through the view — removes the real row too.
DELETE FROM v_in_stock WHERE product_name = 'Notebook';
-- The view is just a window onto products; every write
-- passes straight throug
...2. WITH CHECK OPTION — Stop Rows From Escaping
A filtered view has a sharp edge. v_in_stock only shows rows where stock > 0, but by default you can still INSERT a row with stock = 0 through it. The insert succeeds, then the new row instantly disappears from the view because it fails the filter — a baffling "I just added it, where did it go?" bug.
WITH CHECK OPTION closes that gap. It tells the database to apply the view's WHERE to writes as well as reads, rejecting any INSERT or UPDATE that would produce a row the view can't see.
WITH CHECK OPTION a habit on every updatable, filtered view. It costs nothing on reads and turns a silent data bug into a clear, immediate error.WITH CHECK OPTION
Reject writes that would push a row out of the view.
-- Rebuild the view WITH CHECK OPTION so the filter is enforced
-- on writes, not just reads.
CREATE VIEW v_in_stock AS
SELECT id, product_name, category, price, stock
FROM products
WHERE stock > 0
WITH CHECK OPTION; -- 👈 the new safety rule
-- This INSERT is REJECTED: stock = 0 fails the view's WHERE,
-- so the row would instantly vanish from the view.
INSERT INTO v_in_stock (product_name, category, price, stock)
VALUES ('Backordered Pen', 'Stationery', 2.00, 0);
-- ERROR: new row violates
...Your Turn: a guarded updatable view
Fill in the blanks to create an updatable view of budget products (price < 20) that refuses to let a row be priced out of itself. The expected behaviour is in the comments so you can check yourself.
🎯 Your Turn: WITH CHECK OPTION
Build a filtered, write-guarded view.
-- 🎯 YOUR TURN — fill in the two blanks, then press "Try it Yourself"
-- Goal: an updatable view of only the cheap products (price < 20),
-- that REFUSES to let a row be priced out of the view.
CREATE VIEW v_budget AS
SELECT id, product_name, category, price, stock
FROM products
WHERE ___ -- 👉 the filter: price under 20
WITH ___ OPTION; -- 👉 the keyword that enforces the filter on writes
-- ✅ Expected: the view is created. Then this write is BLOCKED,
-- because price 25
...3. Views Over Joins & Aggregates Are Read-Only
The moment a view summarises data, writing through it stops making sense. If v_category_stats shows one row per category with an average price, what would it even mean to UPDATE that average? The database can't split one summary row back into the individual rows it came from, so it refuses.
The same logic applies to most join views: a single result row stitches together columns from several tables, and an ambiguous write can't be safely undone. PostgreSQL makes a simple join view read-only by default — you'll make it writable in Section 5 with a trigger.
An aggregate view (read-only)
GROUP BY makes a view non-updatable.
-- Views over a JOIN or an aggregate are READ-ONLY.
-- The database can't reverse one summary row back into the
-- individual rows it came from, so writes are refused.
CREATE VIEW v_category_stats AS
SELECT category,
COUNT(*) AS items,
ROUND(AVG(price), 2) AS avg_price,
SUM(stock) AS total_stock
FROM products
GROUP BY category;
SELECT * FROM v_category_stats ORDER BY category;
-- Try to write through it and you get:
UPDATE v_category_stats SET avg_price = 0 WHERE cat
...Result — v_category_stats:
| category | items | avg_price | total_stock |
|---|---|---|---|
| Electronics | 3 | 38.99 | 365 |
| Home | 1 | 32 | 80 |
| Kitchen | 1 | 9.5 | 300 |
| Stationery | 1 | 3.25 | 500 |
A join view (read-only for now)
Join products + orders into one virtual table.
-- A view over a JOIN of products + orders. Reading is fine;
-- writing needs an INSTEAD OF trigger (next section).
CREATE VIEW v_order_lines AS
SELECT o.id AS order_id,
o.order_date,
p.product_name,
o.quantity,
p.price,
o.quantity * p.price AS line_total
FROM orders o
JOIN products p ON p.id = o.product_id;
SELECT order_id, product_name, quantity, line_total
FROM v_order_lines
ORDER BY order_id;Result — v_order_lines:
| order_id | product_name | quantity | line_total |
|---|---|---|---|
| 101 | Wireless Mouse | 2 | 49.98 |
| 102 | Mechanical Keyboard | 1 | 79 |
| 103 | USB-C Cable | 5 | 64.95 |
4. Security Views — Hide Columns and Rows
A view is a clean way to expose part of a table. You lock down the base table, then grant access only to a view that selects the safe columns and rows. Callers can query the view but never touch the data it hides — costs, supplier IDs, other people's records.
Two safety switches matter. security_invoker = true (PostgreSQL 15+) runs the view with the caller's privileges, so any row-level security on the base table still applies to them; without it a view runs as its owner and can hand back rows the caller was never permitted to see. The older security-barrier view (WITH (security_barrier = true)) forces the view's own WHERE to run before any function the caller injects, so a cleverly-crafted predicate can't peek at filtered-out rows.
SELECT is not security on its own. If the caller still has SELECT on the base table, they can ignore the view entirely. Real protection = REVOKE on the table + GRANT on the view (+ security_invoker/security_barrier for row rules).A column-hiding security view
Expose safe columns; lock the base table.
-- SECURITY VIEW: expose only safe COLUMNS, hide cost & supplier.
-- Staff query the view; the base table stays locked down.
CREATE VIEW v_public_catalog AS
SELECT id, product_name, category, price -- no cost, no supplier_id
FROM products;
-- Lock the real table, open only the view:
REVOKE ALL ON products FROM sales_team;
GRANT SELECT ON v_public_catalog TO sales_team;
-- security_invoker (PostgreSQL 15+): run the view with the
-- CALLER's privileges, so row-level security on products
...Result — v_public_catalog — cost & supplier never appear:
| id | product_name | category | price |
|---|---|---|---|
| 1 | Wireless Mouse | Electronics | 24.99 |
| 2 | Coffee Mug | Kitchen | 9.5 |
| … | … | … | … |
Your Turn: a security view (columns + rows)
Build a view that exposes only product_name and price (hiding stock and cost) and only the Electronics rows, running with the caller's own permissions. Fill in the three blanks.
🎯 Your Turn: security view
Limit columns and rows; use security_invoker.
-- 🎯 YOUR TURN — fill in the three blanks, then press "Try it Yourself"
-- Goal: a security view that exposes ONLY name + price (hide stock/cost)
-- and ONLY the Electronics rows. Make it respect the caller's
-- own permissions with security_invoker.
CREATE VIEW v_electronics_public
WITH (___ = true) AS -- 👉 run as the caller, not the owner
SELECT product_name, ___ -- 👉 the one extra safe column to show
FROM products
WHERE category = ___; -- 👉 l
...5. INSTEAD OF Triggers — Make Complex Views Writable
What if you genuinely need to write through a join view like v_order_lines? You take control of the write yourself with an INSTEAD OF trigger. The name is literal: instead of the database's default (which is "error, this view is read-only"), it runs your function, and your function writes to the real tables however you decide.
Below, an INSTEAD OF INSERT trigger reads the incoming row, looks up the product's id from the name the view exposed, and inserts a proper row into orders. From the caller's side it looks like an ordinary insert into the view.
INSTEAD OF INSERT trigger
Intercept a write to the join view and route it to orders.
-- INSTEAD OF trigger: make the read-only JOIN view writable.
-- The trigger intercepts the INSERT and writes to the REAL table.
CREATE OR REPLACE FUNCTION fn_insert_order_line()
RETURNS TRIGGER LANGUAGE plpgsql AS $$
DECLARE
v_product_id INT;
BEGIN
-- Look up the product id from the name the view exposed:
SELECT id INTO v_product_id
FROM products WHERE product_name = NEW.product_name;
-- Insert into the underlying orders table:
INSERT INTO orders (product_id, quantity,
...6. View vs. Materialized View — A Quick Recap
Everything above is a plain view: zero stored data, always live, re-computed on every read. That's perfect when freshness matters and the query is cheap. But when a view's query is expensive (big joins, heavy aggregates) and you read it far more often than the data changes, re-running it every time is wasteful.
A materialized view trades freshness for speed: it runs the query once and stores the result like a cached table, which you refresh with REFRESH MATERIALIZED VIEW. Reads become as fast as reading a table; the cost is that the data is only as current as the last refresh — and materialized views are not updatable.
Common Errors (and the fix)
- "cannot update view … contains GROUP BY": you tried to write through an aggregate (or join) view. Those are read-only — summarised rows can't be mapped back to base rows. Add an
INSTEAD OFtrigger if you truly need the write. - The "disappearing insert": you
INSERTthrough a filtered view and the new row never shows up. The row was created but fails the view'sWHERE. Recreate the viewWITH CHECK OPTIONso the bad write is rejected loudly instead. - "new row violates check option for view": that's
WITH CHECK OPTIONworking as intended — yourINSERT/UPDATEwould have produced a row outside the view. Change the value so it matches the filter, or write to the base table directly. - Security bypassed: you built a view to hide rows but a user still sees everything. They likely retain
SELECTon the base table —REVOKEit. For row rules, addsecurity_invoker/security_barrierso the optimizer can't leak filtered-out rows. - "INSTEAD OF triggers cannot have WHEN conditions" / silent no-op: an
INSTEAD OFtrigger must beFOR EACH ROW, and you need one per operation you support (INSERT/UPDATE/DELETE). Operations without a trigger simply do nothing.
📘 Quick Reference
| Syntax / concept | What it does |
|---|---|
| CREATE VIEW v AS SELECT … | Define a virtual table from a query |
| Auto-updatable | One table, no GROUP BY/DISTINCT/aggregate → writable |
| WITH CHECK OPTION | Reject writes that fall outside the view's WHERE |
| GROUP BY / JOIN view | Read-only by default |
| WITH (security_invoker = true) | Run the view as the caller, not the owner |
| WITH (security_barrier = true) | Run the view's WHERE before caller functions |
| INSTEAD OF INSERT/UPDATE/DELETE | Custom DML logic for non-updatable views |
| MATERIALIZED VIEW | Stored, cached result; refresh to update |
Frequently Asked Questions
Q: How do I know if a view is updatable before I try?
Check the rules: one table in FROM, and no GROUP BY, HAVING, DISTINCT, LIMIT/OFFSET, set operations, aggregates, or window functions. In PostgreSQL you can also query information_schema.views — the is_updatable column says yes or no.
Q: Does WITH CHECK OPTION slow down reads?
No. It only affects INSERT and UPDATE, adding a check that the resulting row still matches the view. Reads are unaffected, so there's almost never a reason to leave it off a filtered updatable view.
Q: Is hiding a column in a view enough to keep it secret?
Only if the caller can't read the base table. A view doesn't remove anyone's existing table privileges — you must REVOKE on the table and GRANT on the view. For row-level hiding, add security_invoker or security_barrier.
Q: View or materialized view for a slow dashboard query?
If the numbers can be a few minutes stale and you read them constantly, a materialized view is far faster — query once, store, REFRESH on a schedule. If you need always-live data or want to write through it, keep a plain view.
Mini-Challenge: A Self-Guarding Low-Stock View
Put it together — a brief, a blank canvas, and the expected behaviour in the comments. Write it, then copy it into a PostgreSQL playground to confirm.
🎯 Mini-Challenge
An updatable v_low_stock view guarded by WITH CHECK OPTION.
-- 🎯 MINI-CHALLENGE
-- Using ONLY what this lesson covered (CREATE VIEW, a single-table
-- filter, and WITH CHECK OPTION):
-- 1. Create an updatable view v_low_stock of products with stock < 100
-- exposing id, product_name, category, price, stock
-- 2. Add WITH CHECK OPTION so a row can never be restocked OUT of the view
--
-- ✅ Expected: view created. Then this write is BLOCKED:
-- UPDATE v_low_stock SET stock = 500 WHERE product_name = 'Desk Lamp';
-- -- ERROR: new row violate
...🎉 Lesson Complete
- ✅ A single-table view with no grouping is auto-updatable — writes pass through to the base table
- ✅
WITH CHECK OPTIONrejects writes that would push a row out of the view - ✅ Join and aggregate views are read-only because summary rows can't be reversed
- ✅ Real security =
REVOKEon the table +GRANTon the view, plussecurity_invoker/security_barrierfor row rules - ✅
INSTEAD OFtriggers make complex views writable with your own logic - ✅ Next: Analytical SQL — window functions and BI-grade queries
Sign up for free to track which lessons you've completed and get learning reminders.