Skip to content

Commit 6f06a18

Browse files
andinuxandinux
authored
Merge pull request #126 from sqlitecloud/stage
Update rls.mdx: fix table schema to match CRDT requirements and best practices, add an example for the RLS delete policy
2 parents a46756d + 29d4928 commit 6f06a18

File tree

1 file changed

+18
-11
lines changed

1 file changed

+18
-11
lines changed

sqlite-cloud/platform/rls.mdx

Lines changed: 18 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -85,9 +85,9 @@ Suppose you have a `tasks` table with the following schema:
8585

8686
```sql
8787
CREATE TABLE tasks (
88-
id INTEGER PRIMARY KEY,
88+
id TEXT PRIMARY KEY NOT NULL,
89+
user_id TEXT,
8990
title TEXT,
90-
owner_id INTEGER,
9191
status TEXT
9292
);
9393
```
@@ -98,39 +98,46 @@ Here are a few examples of RLS policies you can create:
9898

9999
```sql
100100
-- SELECT policy
101-
owner_id = auth_userid()
101+
user_id = auth_userid()
102102
```
103103

104104
**2. Users can only insert tasks for themselves.**
105105

106106
```sql
107107
-- INSERT policy
108-
NEW.owner_id = auth_userid()
108+
NEW.user_id = auth_userid()
109109
```
110110

111111
**3. Users can only update the status of their own tasks.**
112112

113113
```sql
114114
-- UPDATE policy
115-
OLD.owner_id = auth_userid()
115+
OLD.user_id = auth_userid()
116116
```
117117

118-
**4. Users with the 'admin' group can see all tasks.**
118+
**4. Users can only delete their own tasks.**
119+
120+
```sql
121+
-- DELETE policy
122+
OLD.user_id = auth_userid()
123+
```
124+
125+
**5. Users with the 'admin' group can see all tasks.**
119126

120127
```sql
121128
-- SELECT policy
122129
json_extract(auth_json(), '$.attributes.group') = 'admin'
123130
```
124131

125-
**5. Role-Based Access within a Tenancy**
132+
**6. Role-Based Access within a Tenancy**
126133

127134
```sql
128135
-- SELECT policy
129136
org_id = json_extract(auth_json(), '$.attributes.org_id') AND
130-
(json_extract(auth_json(), '$.attributes.role') = 'admin' OR owner_id = auth_userid())
137+
(json_extract(auth_json(), '$.attributes.role') = 'admin' OR user_id = auth_userid())
131138
```
132139

133-
**6. Access via a Membership Linking Table**
140+
**7. Access via a Membership Linking Table**
134141

135142
```sql
136143
-- SELECT policy
@@ -141,11 +148,11 @@ EXISTS (
141148
)
142149
```
143150

144-
**7. Public vs. Private Record Visibility**
151+
**8. Public vs. Private Record Visibility**
145152

146153
```sql
147154
-- SELECT policy
148-
visibility = 'public' OR owner_id = auth_userid()
155+
visibility = 'public' OR user_id = auth_userid()
149156
```
150157

151158
With these policies, when a user executes a query, SQLite Cloud will automatically enforce the defined RLS rules, ensuring data security and compliance.

0 commit comments

Comments
 (0)