Implementing row-level security

UI Bakery allows you to control user access to specific table rows for security purposes. This can be achieved by implementing role-based access in the table.

Let's consider a scenario with the products table:

category_id

product_name

price

101

Laptop

$999

102

Smartphone

$599

103

Smartwatch

$199

102

Camera

$449

Here, each category is associated with a specific user, so basically users should be able to see only the products within their assigned category. The user_categories table could look like this:

user_email

category_id

name

[email protected]

101

Alice

[email protected]

102

Bob

[email protected]

103

Jane

This is the case when you would want to implement row-level security to ensure that users only see the products that are allowed for them. To do so, you can filter the product categories based on the currently logged-in user:

SELECT p.*
FROM products p
JOIN user_categories uc ON p.category_id = uc.category_id
WHERE uc.user_email = {{ user.email }}

This query would ensure that when user Alice accesses product data, they would only see the products within the category assigned to them (for Alice it's category_id = 101).

By default, UI Bakery ensures that the parameterized request received by the server matches the currently logged-in user's email ({{user.email}} ) for security purposes, meaning that this variable cannot be altered from the client side.

PreviousInternationalization (i18n) & Localization: Translating UI Bakery Apps NextCopying to clipboard

Last updated 4 months ago

Was this helpful?