414 questions
0
votes
1
answer
95
views
Connection between SELECT policy and PATCH API? PATCH request doesn't work due to SELECT policy
There is this table "customer" and it has "is_deleted" column.
I did to use it for soft deletetion.
And I set policy like below so that I don't have to add is_deleted = false ...
- 25
3
votes
1
answer
711
views
How can I take advantage of Postgres row-level-security in a Laravel application?
I am currently experimenting with adopting PostgreSQL row-level security for a server-side application in Laravel. My goal is to move multi-tenancy access rights into the DB, so as to completely ...
- 32.8k
0
votes
1
answer
232
views
How to safely manage normalized permissions in Postgres with RLS
I like using a separate table to manage RLS permissions, but normalization creates a challenge when inserting new data. The general idea is that no access control logic is built into the items table, (...
- 1,755
1
vote
1
answer
160
views
Is there a way by which I can handle the report data in powerbi based on user's role in a react application?
Need to find a solution by which data in powerbi report is displayed absed on user's role in react app, RLS is handled in powerbi but is there any other way?
I tried implementing RLS(Row Level ...
- 132
1
vote
1
answer
586
views
How to setup row level access in Postgres without creating a user
I have an existing API connected to an AWS PostgreSQL database that uses AWS Cognito for User authentication.
The goal is for users to insert data via the API with some field mapped to their Cognito ...
- 192
0
votes
0
answers
158
views
Postgres: empty table though permissions granted to the role
I have a problem with SELECT when granting permission for the role.
I need to create a Customer role with the privilege to SELECT from 2 tables.
And then I need to create a personalized role for one ...
- 25
1
vote
1
answer
136
views
Slow SSAS RLS implementation with DAX
I have published my .pbix, it works great, speed is fine. I consume from SSAS. Now, I have introduced some RLS security and for people accessing with limited permissions, it is awfully slow…
How can I ...
- 706
-3
votes
1
answer
868
views
How to check if the current user inherits the BYPASSRLS attribute from a role?
I need to check whether row-level-security applies to the current_user in a Postgres query. As far as I can tell, I need to check whether the current user is the owner of that table, or has the ...
- 671k
0
votes
0
answers
894
views
How can I achieve RLS in Power BI report with data from analysis service using "Connect live" method? Manage Roles option getting greyed out
Manage Roles option under Modeling menu in power bi desktop getting greyed out when we use "Connect live" method to get data from analysis service for the report.
It is available when we use ...
0
votes
1
answer
2k
views
How to specify in supabase a field should only have default value?
I'm making a basic chat app using supabase.
I've figured out how to make it so users can only create/edit their profile and send messages from their profile using RLS, by checking if their id matches ...
- 821
0
votes
1
answer
1k
views
PostgreSQL Row Level Security in Node JS
I have a database which is shared amongst multiple tenants/users. However, I want to add row-level-security protection so that any given tenant can only see those rows that belong to them.
As such, ...
6
votes
1
answer
3k
views
Why is the policy's "using"-clause used for the new row while a "with check"-clause is provided for an update statement?
From the Postgres CREATE POLICY documentation:
UPDATE policies accept both a USING expression and a WITH CHECK expression. The USING expression determines which records the UPDATE command will see to ...
- 11.2k
2
votes
0
answers
222
views
Row-level-security not working for Postgres internal tables
I wanted a work-around for the PostgreSQL limitation (Hide unrelated schema/tables structure for a user).
I decided to go with the Row-Level-Security(RLS). The RLS seems working as expected for the ...
- 457
-1
votes
1
answer
666
views
How to integrate power-bi Row Level Security in React.js App?
I have integrated power-bi service(App Owns Data/service principle way) in my react.js App. Further I want to integrate RLS(Row Level Security)
in the same. As mentioned in power-bi docs it is ...
0
votes
1
answer
188
views
How to prevent unwanted access to Fact table?
I am using RLS in SSAS and it works fine:
I filter the table Project... Therefore, if a certain group has access only to Project X. They only see that.
(I use visuals in POWER BI that use a mix of ...
- 706
3
votes
0
answers
60
views
postgres optimisation: run view query before policy
I have a postgres table which has a policy enforced on it, like so (extra columns redacted for brevity):
create table live_specs (
catalog_name catalog_name not null,
spec_type ...
- 935
0
votes
2
answers
32
views
Row Security Level
I am trying to create a row security level over my table for the user department
CREATE TABLE Student_Table
(
Title varchar(10) NULL,
DateofBirth DATE NULL,
BF1 varchar(10) NULL,
...
1
vote
1
answer
819
views
Using Row Level Security to protect the table that tracks row level securities
The general setup of my RLS is that I have a table like Orders:
OrderID Customer
1 John
2 Bill
And a table, RowLevelSecurityPermissions, that tracks which principal is allowed to see ...
- 766
0
votes
1
answer
189
views
DAX solutions for RLS taking up too much memory?
Current code which checks current logged in user's name against Logon column. End goal being to find all rows of Customer_SK associated with that user. VALUESrow is a measure finding all those SK ...
0
votes
0
answers
31
views
PostgreSQL row-level security with views (protecting/hiding columns) [duplicate]
I want to expose a user/accounts table via an API and secure it on the PostgreSQL level.
Using row-level security has worked great for my other tables, but on the accounts table I have some data that ...
- 2,923
0
votes
1
answer
376
views
How to model tables with RLS in power bi?
I am not sure how to model this.
I have 3 tables.
Fact
Contract
Clients
Fact:
Then, the access with RLS will be based on contract. If you are manager1 or manager2 for that contract you shall see it (...
- 706
0
votes
2
answers
638
views
Can PowerBI inherit RLS from Azure Synapse SQL?
I have a Azure Synapse SQL table which contains a list of companies.
I have created an access matrix, security predicate and policy to filter data presented based on the user.
Create FUNCTION spf....
- 36
0
votes
3
answers
338
views
RLS in PowerApps
I have a Azure SQL server and 3 security groups on Azure AD who are added as external users in Azure SQL. The Azure SQL has a filter predicate based upon the security group that the logged in user ...
2
votes
1
answer
5k
views
406 JSON object requested, multiple (or no) rows when RLS is enabled on Supabase
I have looked at various solutions on StackOverflow, github issues in supabase, supabase/postgrest-js, postgRESTPostgREST/postgrest, and searched the Discord as well. But none of the solutions have ...
- 165
3
votes
3
answers
3k
views
Can I use row-level security to prevent SELECT * FROM users?
I just learned about RLS and wish to write a web application with a very small server layer (no server layer, if possible). I'm building a social media web application in particular.
I have a scenario:...
- 71