serverless/sql-databases/how-to/use-row-level-security.mdx
Lines changed: 7 additions & 9 deletions
@@ -15,15 +15,15 @@ categories:
15
15
16
16
Row-Level Security is a database security mechanism that allows access only to specific rows of a table based on a user's role or permissions.
17
17
18
-
Row Level Security can be actived with Serverless SQL Database for a maximum 2 different roles having both read and write permissions. This can be used to restrict access to a subset of users with frameworks or tools such as [PostgREST](https://docs.postgrest.org/en/v12/).
18
+
Row Level Security can be actived with Serverless SQL Databases for a maximum of two different roles, having both read and write permissions. This can be used to restrict access to a subset of users with frameworks or tools such as [PostgREST](https://docs.postgrest.org/en/v12/).
19
+
19
20
This requires setting up different [IAM permissions sets](/identity-and-access-management/iam/reference-content/permission-sets/) for each role (**ServerlessSQLDatabaseFullAccess** or **ServerlessSQLDatabaseReadWrite** for one role, and **ServerlessSQLDatabaseDataReadWrite** for the other).
20
21
21
22
<Macroid="requirements" />
22
23
23
24
- A Scaleway account logged into the [console](https://console.scaleway.com)
24
25
-[Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization
25
26
-[Created a Serverless SQL Database](/serverless/sql-databases/how-to/create-a-database/)
26
-
-[Created two applications](/identity-and-access-management/iam/how-to/create-application/) in IAM
27
27
28
28
## Add sample data and create PostgreSQL Row Level Security
29
29
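Review bot: The added line 18 still reads "can be actived"; that should be "can be activated", and "Row Level Security" there is unhyphenated while the unchanged line 16 directly above uses "Row-Level Security", so one spelling should be used throughout. The hunk also removes the "Created two applications" requirement while the unchanged paragraph at line 20 still describes a separate permission set for each of two roles; if a single application is now enough, the requirements or the intro should say which identity connects with **ServerlessSQLDatabaseFullAccess** or **ServerlessSQLDatabaseReadWrite**.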
@@ -63,26 +63,24 @@ This requires setting up different [IAM permissions sets](/identity-and-access-m
63
63
64
64
## Create an IAM application with Row Level Security enabled
65
65
66
-
1. Create a new [IAM application](/identity-and-access-management/iam/how-to/create-application/) or use an existing one.
66
+
1. Create a new [IAM application](/identity-and-access-management/iam/how-to/create-application/).
67
67
68
68
2. Create a new [IAM policy](/identity-and-access-management/iam/how-to/create-policy/), and add the **ServerlessSQLDatabaseDataReadWrite** permission set to the application you just created.
69
69
70
70
<Messagetype="note">
71
-
You must provide **ServerlessSQLDatabaseDataReadWrite** permission set and not **ServerlessSQLDatabaseReadWrite** permission set. Indeed, all connections to your database performed with the former permissions set will use `role_readwrite` in PostgreSQL, whereas all connections performed with the latter or **ServerlessSQLDatabaseFullAccess** will use `role_admin` in PostgreSQL.
71
+
You must provide **ServerlessSQLDatabaseDataReadWrite** permission set and not **ServerlessSQLDatabaseReadWrite** permission set. Indeed, all connections to your database performed with the former permissions set will use `role_readwrite` in PostgreSQL, whereas all connections performed with the latter, or **ServerlessSQLDatabaseFullAccess** will use `role_admin` in PostgreSQL.
72
72
</Message>
73
73
74
-
3. Create an [API Key](/identity-and-access-management/iam/how-to/create-api-keys/) for this application and connect to your Serverless SQL Database with this application.
74
+
3. Create an [API Key](/identity-and-access-management/iam/how-to/create-api-keys/) for this application, and connect to your Serverless SQL Database with this application.
4. Run the follwoing command to list the `pets` this application has access to with:
79
+
4. Run the following command to list the `pets` this application has access to:
80
80
```sql
81
81
SELECT*FROM pets;
82
82
```
83
-
Only the pets with a `keeper` column value of `role_readwrite`.
84
-
85
-
Your new application can now only access a specific subset of rows based on its permissions.
83
+
Only the pets with a `keeper` column value of `role_readwrite` display. Your new application can now only access a specific subset of rows based on its permissions.
86
84
87
85
<Messagetype="tip">
88
86
Row level security and policies can be created or deleted by a table owner. In this example, you can check table owner with the following command:
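Review bot: On added line 71, the new comma after "the latter" opens a parenthetical that is never closed ("with the latter, or **ServerlessSQLDatabaseFullAccess** will use `role_admin`"); either close it ("the latter, or **ServerlessSQLDatabaseFullAccess**, will use") or drop the comma. Because this note is what tells the reader which permission set connects as `role_readwrite` and which as `role_admin`, consider naming the permission sets explicitly instead of "the former" and "the latter", so nobody attaches the wrong set and ends up connecting as `role_admin`. Step 1 on line 66 also no longer allows reusing an existing application; if that is deliberate, a short reason in the step would help.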