Row-Level Security (RLS) Policies

All RLS policies defined in the database.

RLS Enforcement Flow

mermaid

flowchart TD
    A[User Query Request] --> B[PostgreSQL Receives Query]
    B --> C[Extract auth.uid from JWT]
    C --> D[Evaluate RLS Policies]
    D --> E{Policy<br/>Matches?}
    E -->|Yes| F[Return Filtered Rows]
    E -->|No| G[Return Empty Result]
    F --> H[Application Receives Data]
    G --> H
    
    D --> I[Check tenant_users table]
    I --> J[Filter by tenant_id]
    J --> E
    
    style A fill:#3b82f6,color:#fff
    style D fill:#f59e0b,color:#fff
    style F fill:#10b981,color:#fff
    style G fill:#ef4444,color:#fff

How RLS Works

RLS policies are evaluated for every query:

Query arrives at PostgreSQL
JWT token is extracted from request
auth.uid() is called to get user ID
RLS policies are evaluated using user context
Rows are filtered based on policy conditions
Only matching rows are returned to application

transport_details

transport_details_admin_update: UPDATE on transport_details
- Condition: EXISTS ( SELECT 1 FROM public.user_roles WHERE user_id = (SELECT auth.uid(
transport_details_admin_delete: DELETE on transport_details
- Condition: EXISTS ( SELECT 1 FROM public.user_roles WHERE user_id = (SELECT auth.uid(

profiles

profiles_select_self: select on profiles
- Condition: id = auth.uid(
profiles_select_admin: select on profiles
- Condition: public.is_admin(

shipments

drivers_update_own_shipments: UPDATE on shipments
- Condition: auth.uid(
admin_all: ALL on shipments
- Condition: EXISTS ( SELECT 1 FROM public.user_roles ur WHERE ur.user_id = auth.uid(

Row-Level Security (RLS) Policies ​

RLS Enforcement Flow ​

How RLS Works ​

transport_details ​

profiles ​

shipments ​

Row-Level Security (RLS) Policies

RLS Enforcement Flow

How RLS Works

transport_details

profiles

shipments