# Implementing row-level security

UI Bakery allows you to control user access to specific table rows for security purposes. This can be achieved by implementing role-based access in the table.

Let's consider a scenario with the *products* table:

<table><thead><tr><th width="61">id</th><th width="129">category_id</th><th width="385">product_name</th><th>price</th></tr></thead><tbody><tr><td>1</td><td>101</td><td>Laptop</td><td>$999</td></tr><tr><td>2</td><td>102</td><td>Smartphone</td><td>$599</td></tr><tr><td>3</td><td>103</td><td>Smartwatch</td><td>$199</td></tr><tr><td>4</td><td>102</td><td>Camera</td><td>$449</td></tr></tbody></table>

Here, each category is associated with a specific user, so users should be able to see only the products within their assigned category. The *user\_categories* table could look like this:

<table><thead><tr><th width="267.3333333333333">user_email</th><th width="113">category_id</th><th>name</th></tr></thead><tbody><tr><td>alice@example.com</td><td>101</td><td>Alice</td></tr><tr><td>bob@example.com</td><td>102</td><td>Bob</td></tr><tr><td>jane@example.com</td><td>103</td><td>Jane</td></tr></tbody></table>

This is a case where you would want to implement row-level security, so that users see only the products they are allowed to see. To do so, you can filter the products by category based on the currently logged-in user:

```sql
SELECT p.*
FROM products p
JOIN user_categories uc ON p.category_id = uc.category_id
WHERE uc.user_email = {{ user.email }}
```

This query ensures that when user Alice accesses product data, they see only the products within the category assigned to them (for Alice, it's *category\_id = 101*).

{% hint style="success" %}
By default, UI Bakery ensures that the parameterized request received by the server matches the currently logged-in user's email (`{{user.email}}`) for security purposes, meaning that this variable cannot be altered from the client side.
{% endhint %}
