Implementing row-level security
To control a user's access to specific table rows, you can implement role-based access in the table.
Example
Let's consider a scenario with a "products" table:
id | category_id | product_name | price |
---|---|---|---|
1 | 101 | Laptop | $999 |
2 | 102 | Smartphone | $599 |
3 | 103 | Smartwatch | $199 |
4 | 102 | Camera | $449 |
In this case, the users are associated with specific categories, and you want to implement row-level security to ensure that each user only sees products within their assigned category. The "user_categories" table could look like this:
user_email | category_id | name |
---|---|---|
alice@example.com | 101 | Alice |
bob@example.com | 102 | Bob |
jane@example.com | 103 | Jane |
To ensure that users only see products that are allowed for them, we can filter the product categories based on the currently logged-in user:
This query would ensure that when Alice, for example, accesses product data, she only sees products within the category assigned to her (category_id = 101).
By default, UI Bakery ensures that the parameterized request received by the server matches the currently logged-in user's email, {{user.email}}, for security purposes, meaning that this variable cannot be altered from the client side.
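The category filter described above, as an added example that is not UI Bakery's own code: it rebuilds the two sample tables in an in-memory SQLite database and runs a join that returns only the products in the caller's assigned category. The function names, the SQLite schema, the integer prices and the `?` placeholder (standing in for the bound {{user.email}} value) are assumptions made for this illustration.

```python
import sqlite3

# "?" stands in for UI Bakery's {{user.email}}: a bound parameter, never string-built.
VISIBLE_PRODUCTS_SQL = """
    SELECT p.id, p.product_name, p.price
    FROM products AS p
    JOIN user_categories AS uc ON uc.category_id = p.category_id
    WHERE uc.user_email = ?
    ORDER BY p.id
"""


def build_demo_db():
    """Create an in-memory copy of the two tables shown on this page."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (
            id INTEGER PRIMARY KEY, category_id INTEGER NOT NULL,
            product_name TEXT NOT NULL, price INTEGER NOT NULL);
        CREATE TABLE user_categories (
            user_email TEXT NOT NULL, category_id INTEGER NOT NULL,
            name TEXT NOT NULL);
    """)
    # Prices are stored as whole dollars (assumption for this demo).
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", [
        (1, 101, "Laptop", 999), (2, 102, "Smartphone", 599),
        (3, 103, "Smartwatch", 199), (4, 102, "Camera", 449)])
    conn.executemany("INSERT INTO user_categories VALUES (?, ?, ?)", [
        ("alice@example.com", 101, "Alice"), ("bob@example.com", 102, "Bob"),
        ("jane@example.com", 103, "Jane")])
    return conn


def visible_products(conn, session_email):
    """Return only the rows whose category is assigned to session_email.

    session_email must come from the authenticated session on the server,
    not from a field the client can edit.
    """
    return conn.execute(VISIBLE_PRODUCTS_SQL, (session_email,)).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    for email in ("alice@example.com", "bob@example.com", "nobody@example.com"):
        print(email, visible_products(db, email))
```

Because the filter is an inner join, an email with no row in "user_categories" gets an empty result rather than the whole table, and a value containing SQL syntax is compared as plain data.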