Add RLS reference to document level security documentation #1969
@@ -23,6 +23,10 @@ Configure collection level permissions by navigating to **Your collection** > ** | |||
Document level permissions grant access to individual documents. | |||
If a user has read, create, update, or delete permissions at the document level, the user can access the **individual document**. | |||
|
|||
{% info title="Does Appwrite support Row Level Security (RLS)?" %} | |||
Document level security in Appwrite is similar to what is known as Row Level Security (RLS) found in database systems like PostgreSQL. Both concepts allow you to control access to individual records based on user identity and roles. If you're familiar with RLS, you'll find Appwrite's document level security provides similar granular access control. |
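Review bot: The closing sentence of the added info block ("If you're familiar with RLS, you'll find Appwrite's document level security provides similar granular access control") invites readers who know PostgreSQL to assume the same enforcement model, and nothing in the block says where Appwrite's permissions are defined. Suggest replacing that sentence with one that states the permissions are set at the document level, as the context lines above the block already describe. The closing tag for the info block is also not among the visible lines, so confirm it is part of the change.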
provides similar granular access control.
While both allow giving granular access, RLS is quite different than Appwrite's permission model so we should make sure that's clear.
@stnguyen90 Can you help with the specific difference(s) so we can make it clearer?
Postgres' RLS allows you to add a policy to a table. For example, given table:
CREATE TABLE accounts (manager text, company text, contact_email text);
this policy:
CREATE POLICY account_managers ON accounts TO managers
USING (manager = current_user);
Makes it so when a query is done on the accounts table, only rows where the manager column matches current_user will return.
With Appwrite's document-level permissions, you set on the document which user should have access to that document.
Does that give you enough information to better word it?
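The PostgreSQL policy from the comment above, carried through to the point where it is enforced. This is an added example, not part of the original thread or of the Appwrite docs; the roles alice and bob and all row values are constructed, and it assumes a superuser session in a scratch database.

```sql
-- Added example: alice, bob and the row values are constructed sample data.
-- Assumes a superuser session in a scratch database; ROLLBACK undoes everything.
BEGIN;

CREATE ROLE managers NOLOGIN;
CREATE ROLE alice LOGIN IN ROLE managers;
CREATE ROLE bob   LOGIN IN ROLE managers;

CREATE TABLE accounts (manager text, company text, contact_email text);

-- A policy is only enforced once row security is enabled on the table.
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;

CREATE POLICY account_managers ON accounts TO managers
    USING (manager = current_user);

-- The policy restricts rows; ordinary table privileges are still required.
GRANT SELECT, INSERT, UPDATE, DELETE ON accounts TO managers;

-- Loaded by the table owner, who is not subject to the policy by default
-- (ALTER TABLE ... FORCE ROW LEVEL SECURITY changes that for the owner).
INSERT INTO accounts VALUES
    ('alice', 'Example Co', 'contact@example.com'),
    ('bob',   'Sample Ltd', 'contact@example.org');

-- Same statement, different current_user: the policy predicate is added
-- to each query, so each manager sees only their own rows.
SET ROLE alice;
SELECT manager, company FROM accounts;

-- With no WITH CHECK clause, USING also governs writes: this UPDATE can
-- only touch rows alice is allowed to see.
UPDATE accounts SET contact_email = 'new-contact@example.com';

SET ROLE bob;
SELECT manager, company, contact_email FROM accounts;

RESET ROLE;
ROLLBACK;
```

No access rule is stored on the rows themselves: the decision comes from one table-wide predicate evaluated against the row's data and the session's role.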
Yes, that makes sense @stnguyen90. What do you think about the update I made?
The preview deployment failed. 🔴 Last updated at: 2025-07-07 17:03:58 CET
Left a comment.
6e3c6b4 to 83e3ebc
@@ -23,6 +23,10 @@ Configure collection level permissions by navigating to **Your collection** > ** | |||
Document level permissions grant access to individual documents. | |||
If a user has read, create, update, or delete permissions at the document level, the user can access the **individual document**. | |||
|
|||
{% info title="Does Appwrite support Row Level Security (RLS)?" %} | |||
Document level security in Appwrite is similar to Row Level Security (RLS) found in database systems like PostgreSQL, as both provide granular access control to individual records. However, they work differently: RLS uses policies that automatically filter results based on conditions, while Appwrite requires explicitly setting permissions on each document. |
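Review bot: The second added sentence contrasts "automatically filter results" with "requires explicitly setting permissions on each document" but never says what access a document has when no permissions have been set on it, or how that relates to the collection level permissions mentioned just above this block. Readers coming from RLS need that default spelled out so they do not guess whether such a document is open or closed; suggest adding one sentence that states it.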
explicitly setting permissions
Does this sound negative to you? Can you reword it to not sound like a drawback/flaw?
What does this PR do?
Test Plan
/docs/products/databases/permissions