
Implementing row-level security

To control which table rows a user can access, you can implement role-based access on the table itself, filtering the rows by the identity of the logged-in user.

Example

Let's consider a scenario with a "products" table:

| id | category_id | product_name | price |
|----|-------------|--------------|-------|
| 1  | 101         | Laptop       | $999  |
| 2  | 102         | Smartphone   | $599  |
| 3  | 103         | Smartwatch   | $199  |
| 4  | 102         | Camera       | $449  |

In this case, the users are associated with specific categories, and you want to implement row-level security to ensure that each user only sees products within their assigned category. The "user_categories" table could look like this:

| user_email | category_id | name  |
|------------|-------------|-------|
|            | 101         | Alice |
|            | 102         | Bob   |
|            | 103         | Jane  |

To ensure that users only see products that are allowed for them, we can filter the product categories based on the currently logged-in user:

```sql
SELECT p.*
FROM products p
JOIN user_categories uc ON p.category_id = uc.category_id
WHERE uc.user_email = {{ current_user.email }}
```

This query would ensure that when Alice, for example, accesses product data, she only sees products within the category assigned to her (category_id = 101).

By default, UI Bakery resolves `{{user.email}}` on the server side to the email of the currently logged-in user, so the parameterized request the server receives always carries that user's identity; this variable cannot be altered from the client side.
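The filtering query above and the server-side binding of the user's email, as an added runnable example that is not part of the original page or of UI Bakery itself: it builds the two tables from the page's sample data in SQLite (the user emails are constructed, since the page does not list them), replaces the `{{ current_user.email }}` template with a bound parameter supplied from the session, and shows that Alice sees only category 101 while a user with no category row sees nothing.

```python
import sqlite3

# Constructed sample data mirroring the page's two tables. The emails are
# assumptions; prices are stored as whole dollars.
SCHEMA = """
CREATE TABLE products (
    id INTEGER PRIMARY KEY, category_id INTEGER NOT NULL,
    product_name TEXT NOT NULL, price INTEGER NOT NULL);
CREATE TABLE user_categories (
    user_email TEXT NOT NULL, category_id INTEGER NOT NULL, name TEXT NOT NULL);
INSERT INTO products VALUES
    (1, 101, 'Laptop', 999), (2, 102, 'Smartphone', 599),
    (3, 103, 'Smartwatch', 199), (4, 102, 'Camera', 449);
INSERT INTO user_categories VALUES
    ('alice@example.com', 101, 'Alice'),
    ('bob@example.com', 102, 'Bob'),
    ('jane@example.com', 103, 'Jane');
"""

# The page's query with the template variable replaced by a bound parameter:
# the email comes from the server-side session, never from the client request
# and never spliced into the SQL text.
ROW_LEVEL_QUERY = """
SELECT p.id, p.product_name
FROM products p
JOIN user_categories uc ON p.category_id = uc.category_id
WHERE uc.user_email = ?
ORDER BY p.id
"""


def open_db():
    """Create an in-memory database populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def products_for(conn, session_email):
    """Return the product names visible to the logged-in user.

    A user without a user_categories row gets an empty list, which is the
    safe default: no category assignment means no rows.
    """
    rows = conn.execute(ROW_LEVEL_QUERY, (session_email,))
    return [product_name for _, product_name in rows]


if __name__ == "__main__":
    db = open_db()
    for email in ("alice@example.com", "bob@example.com", "nobody@example.com"):
        print(email, products_for(db, email))
```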