MFS401 : Table of Contents

Chapter 3

Lesson 4

You Shall Not Pass!: Row Level Security


Fundamentals of RLS

Postgres access control roles


Finegrained access through custom RLS policies

Advanced RLS policies real world use cases

Implement Instagram Story security rules using RLS

Secure Twitter Edit feature using RLS

Quiz it to win it

Take the quiz

4 Questions
12 XP

Access control is one of the trickiest pieces of puzzles in database design. In its crudest form, we can put the database behind a wholly closed network (e.g., within a Virtual Private Cloud, or VPC) and allow only a middleware to access it. Then, the authentication and authorization for data lies in the middleware.

Taking a step further, Postgres allows us to put access control closest to the data through one of its most powerful features: Row-Level Security (RLS). In its simplest form, we can define the access control for each row of each table, allowing us to provide granular access to the data.

RLS in PostgreSQL allows database administrators to create policies to restrict, on a per-user basis, whether to allow modifying, returning, or creating rows of any table.

We can think of RLS as a gatekeeper for each row of data. Before an operation is performed (select, insert, update, or delete), the row-level security policies are checked. If the policy check passes, the operation is allowed; if not, the operation is prevented.

In this lesson, we will dig deep into RLS and how Supabase has embraced RLS to provide powerful yet intuitive ways to design access control.

RLS Basics with Supabase

Get started for free today!

No commitments. No contracts. Enjoy all features for a day — join in just three clicks!

No credit card required.

Quiz it to win it

Complete this quiz successfully to proceed to the next lesson and win upto 12XP.

Start quiz for this lesson

Completing this quiz will get you

+12 Experience Points

+5% course progress