Implementing row-level security

To control the user's access to the specific table rows, you can implement role-based access in the table.

Example

Let's consider a scenario with a "products" table:

id
category_id
product_name
price

1

101

Laptop

$999

2

102

Smartphone

$599

3

103

Smartwatch

$199

4

102

Camera

$449

In this case, the users are associated with specific categories, and you want to implement row-level security to ensure that each user only sees products within their assigned category. The "user_categories" table could look like this:

user_email
category_id
name

alice@example.com

101

Alice

bob@example.com

102

Bob

jane@example.com

103

Jane

To ensure that users only see products that are allowed for them, we can filter the product categories based on the currently logged-in user:

SELECT p.*
FROM products p
JOIN user_categories uc ON p.category_id = uc.category_id
WHERE uc.user_email = {{ user.email }}

This query would ensure that when Alice, for example, accesses product data, she only sees products within the category assigned to her (category_id = 101).


By default, UI Bakery ensures that the parameterized request received by the server matches the currently logged-in user's email {{user.email}} for security purposes, meaning that this variable cannot be altered from the client side.

Last updated

© 2024 UI Bakery