Row-Level Security?

Hi all – I’d love to use row-level security (RLS) in my project. I’m currently render.com and their postgres DB. I’ve looked for RLS in the forum here, and I’ve just seen a few references to Supabase, which seems to have some way to support RLS, but I’m not sure how integrated it is into Redwood/Prisma.

What’s the current state here? My rule for security is to always use pre-validated standard tools, since I figure if I roll my own code I’ll just introduce security vulnerabilities.

I’m working on a project with Plaid integration, and aside from just being able to sleep well, I’ll need to get security right to pass a Plaid security audit.

Love to know if there’s a standard way to do this in Redwood. I feel like locking down a DB and queries to it, restricting sensitive data to the logged-in-user should be a core feature of any framework (but I’m not sure if it’s yet a core feature of any!)

RLS can be used in prisma somehow. It has some performance issues, but the last replies in this github issue seem promising: Support for row-level security (RLS) · Issue #12735 · prisma/prisma · GitHub

I think this project uses the prisma RLS approach with different clients:

I think @dthyresson used this within a redwood project.

And: RFC RW Multi Tenant Support · Issue #5821 · redwoodjs/redwood · GitHub