Join Slack
Powered by
I am doing some research on Postgres RLS (<https:/...
# general
r
Ram
03/30/2023, 8:05 PM
I am doing some research on Postgres RLS (
https://www.postgresql.org/docs/current/ddl-rowsecurity.html
). Has anyone used it before? Would love to understand usecases and your feedback about it?
m
Mitch
03/30/2023, 8:32 PM
I've seen it used to push the multi-tenant security of data returned to a user to the database.
Mitch
03/30/2023, 8:33 PM
Things like "here's all our data", group-usa can only see data from the USA, group-eu can only see data from the EU
d
Dave Roberts
03/31/2023, 7:24 AM
It's a pretty common mechanism to perform tenant isolation in a pooled PostgreSQL database:
https://aws.amazon.com/blogs/database/multi-tenant-data-isolation-with-postgresql-row-level-security/
Combine it with table partitioning based on tenant_id and you have a pretty useful model which can extend into sharding when/if required.
g
Gwen Shapira
03/31/2023, 5:48 PM
interesting, so it is used for tenant isolation but not for more fine-grained access controls?
m
Mitch
03/31/2023, 5:49 PM
Is there a difference?
g
Gwen Shapira
04/02/2023, 4:56 AM
Tenant isolation is a pretty limited form of RBAC, I’d say… Confluent Cloud had tenant isolation few years before RBAC.
Open in Slack
Previous
Next