Implementing row-level security
To control a user's access to specific table rows, you can implement role-based access in the table.
Let's consider a scenario with a "products" table:
| id | category_id | product_name | price |
|---|---|---|---|
| 1 | 101 | Laptop | $999 |
| 2 | 102 | Smartphone | $599 |
| 3 | 103 | Smartwatch | $199 |
| 4 | 102 | Camera | $449 |
In this case, the users are associated with specific categories, and you want to implement row-level security to ensure that each user only sees products within their assigned category. The "user_categories" table could look like this:
| user_email | category_id | name |
|---|---|---|
| | 101 | Alice |
| | 102 | Bob |
| | 103 | Jane |
To ensure that users only see products that are allowed for them, we can filter the product categories based on the currently logged-in user:
```sql
-- {{user.email}} is the logged-in user's email, checked on the server
SELECT p.*
FROM products p
JOIN user_categories uc ON p.category_id = uc.category_id
WHERE uc.user_email = {{user.email}}
```
This query would ensure that when Alice, for example, accesses product data, she only sees products within the category assigned to her (category_id = 101).
By default, UI Bakery ensures that the parameterized request received by the server matches the currently logged-in user's email, `{{user.email}}`, for security purposes, meaning that this variable cannot be altered from the client side.