Implementing row-level security
UI Bakery allows you to control user access to specific table rows for security purposes. This can be achieved by implementing role-based access in the table.
Let's consider a scenario with the products table:
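| ID | Category ID | Product | Price |
|----|-------------|------------|------|
| 1 | 101 | Laptop | $999 |
| 2 | 102 | Smartphone | $599 |
| 3 | 103 | Smartwatch | $199 |
| 4 | 102 | Camera | $449 |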
Here, each category is associated with a specific user, so users should be able to see only the products within their assigned category. The user_categories table could look like this:
| Email | Category ID | User |
|-------|-------------|------|
| alice@example.com | 101 | Alice |
| bob@example.com | 102 | Bob |
| jane@example.com | 103 | Jane |
This is a case where you would want to implement row-level security, so that users see only the products they are allowed to see. To do so, you can filter the product categories based on the currently logged-in user:
This query would ensure that when user Alice accesses product data, they would only see the products within the category assigned to them (for Alice it's category_id = 101).
By default, UI Bakery ensures that the parameterized request received by the server matches the currently logged-in user's email ({{user.email}}) for security purposes, meaning that this variable cannot be altered from the client side.
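An added example, not UI Bakery's own code: a Python/sqlite3 sketch of the row-level filter and the server-side email check described above, run against a constructed copy of the two tables. Column names other than `category_id` and the `visible_products` handler are assumptions; the `?` placeholder stands in for the bound `{{user.email}}` value.

```python
import sqlite3

def build_db():
    # Constructed copy of the page's tables; column names other than
    # category_id are assumptions made for this example.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, category_id INTEGER, name TEXT, price INTEGER);
        CREATE TABLE user_categories (email TEXT, category_id INTEGER, user_name TEXT);
        INSERT INTO products VALUES
            (1, 101, 'Laptop', 999), (2, 102, 'Smartphone', 599),
            (3, 103, 'Smartwatch', 199), (4, 102, 'Camera', 449);
        INSERT INTO user_categories VALUES
            ('alice@example.com', 101, 'Alice'),
            ('bob@example.com', 102, 'Bob'),
            ('jane@example.com', 103, 'Jane');
    """)
    return db

# Row-level filter: only rows whose category is assigned to the bound email
# are returned. The email is bound as a parameter, never concatenated.
ROW_FILTER = """
    SELECT p.name
    FROM products AS p
    JOIN user_categories AS uc ON uc.category_id = p.category_id
    WHERE uc.email = ?
    ORDER BY p.id
"""

def visible_products(db, session_email, client_params):
    """Hypothetical server-side handler (not UI Bakery's implementation).

    session_email comes from the authenticated session; client_params is
    whatever the browser sent. A client-supplied email that differs from
    the session identity is rejected instead of reaching the filter.
    """
    claimed = client_params.get("email", session_email)
    if claimed != session_email:
        raise PermissionError("email parameter does not match logged-in user")
    # The filter always uses the session identity, not the client value.
    return [row[0] for row in db.execute(ROW_FILTER, (session_email,))]

if __name__ == "__main__":
    db = build_db()
    print(visible_products(db, "alice@example.com", {}))
    print(visible_products(db, "bob@example.com", {"email": "bob@example.com"}))
```

A user with no row in user_categories gets an empty result, so the join acts as default-deny.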