# Implementing row-level security

UI Bakery allows you to control user access to specific table rows for security purposes. This can be achieved by implementing role-based access in the table.

Let's consider a scenario with the *products* table:

<table><thead><tr><th width="61">id</th><th width="129">category_id</th><th width="385">product_name</th><th>price</th></tr></thead><tbody><tr><td>1</td><td>101</td><td>Laptop</td><td>$999</td></tr><tr><td>2</td><td>102</td><td>Smartphone</td><td>$599</td></tr><tr><td>3</td><td>103</td><td>Smartwatch</td><td>$199</td></tr><tr><td>4</td><td>102</td><td>Camera</td><td>$449</td></tr></tbody></table>

Here, each category is associated with a specific user, so users should only be able to see the products within their assigned category. The *user\_categories* table could look like this:

<table><thead><tr><th width="267.3333333333333">user_email</th><th width="113">category_id</th><th>name</th></tr></thead><tbody><tr><td>alice@example.com</td><td>101</td><td>Alice</td></tr><tr><td>bob@example.com</td><td>102</td><td>Bob</td></tr><tr><td>jane@example.com</td><td>103</td><td>Jane</td></tr></tbody></table>

This is a case where you would implement row-level security so that users see only the products they are allowed to see. To do so, you can filter the product categories based on the currently logged-in user:

```sql
SELECT p.*
FROM products p
JOIN user_categories uc ON p.category_id = uc.category_id
WHERE uc.user_email = {{ user.email }}
```

This query ensures that when user Alice accesses product data, they see only the products within the category assigned to them (for Alice, that is *category\_id = 101*).

{% hint style="success" %}
By default, UI Bakery ensures that the parameterized request received by the server matches the currently logged-in user's email (`{{user.email}}`) for security purposes, meaning that this variable cannot be altered from the client side.
{% endhint %}
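
The filter above, run against this page's sample tables in an in-memory SQLite database, as an added example that is not UI Bakery's own code. It assumes Python's `sqlite3` module, with a `?` placeholder standing in for `{{ user.email }}`; `build_db`, `visible_products`, the `ORDER BY` clause and the `mallory@example.com` address are hypothetical additions for the demonstration.

```python
import sqlite3

# Constructed sample data, copied from the two tables on this page.
PRODUCTS = [
    (1, 101, "Laptop", 999),
    (2, 102, "Smartphone", 599),
    (3, 103, "Smartwatch", 199),
    (4, 102, "Camera", 449),
]
USER_CATEGORIES = [
    ("alice@example.com", 101, "Alice"),
    ("bob@example.com", 102, "Bob"),
    ("jane@example.com", 103, "Jane"),
]

# Same query as on the page; "?" stands in for {{ user.email }} (assumption),
# and ORDER BY is added only to make the output deterministic.
ROW_FILTER_SQL = """
SELECT p.*
FROM products p
JOIN user_categories uc ON p.category_id = uc.category_id
WHERE uc.user_email = ?
ORDER BY p.id
"""

def build_db():
    """Create an in-memory database holding the page's sample tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(id INTEGER, category_id INTEGER, product_name TEXT, price INTEGER)")
    db.execute("CREATE TABLE user_categories "
               "(user_email TEXT, category_id INTEGER, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", PRODUCTS)
    db.executemany("INSERT INTO user_categories VALUES (?, ?, ?)", USER_CATEGORIES)
    return db

def visible_products(db, session_email):
    """Return the product names the given session email is allowed to see.

    The email is bound as a query parameter, never concatenated into the SQL.
    """
    rows = db.execute(ROW_FILTER_SQL, (session_email,)).fetchall()
    return [row[2] for row in rows]  # column 2 is product_name

if __name__ == "__main__":
    db = build_db()
    for email in ("alice@example.com", "bob@example.com",
                  "mallory@example.com", "alice@example.com' OR '1'='1"):
        print(repr(email), "->", visible_products(db, email))
```

Because the join is an inner join on the mapping table, an email with no row in *user\_categories* gets an empty result rather than the full table, and a bound value containing SQL syntax is compared as a plain string.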


