Need RLS for other databases?
RLS currently supports ClickHouse, PostgreSQL, and BigQuery. Email us to request support for your database.
Supported Databases
Camel supports row-level security across multiple database platforms, each with its own implementation approach:PostgreSQL
Native RLS policies with session variables
ClickHouse
Row policies with custom settings
BigQuery
Row access policies with user credentials
How It Works
When a user interacts with Camel (through an iframe or the API), Camel automatically manages the security context for each query:- User Identification: Each request includes a unique
uid
identifier - Session Context: Camel sets database-specific session variables or settings
- Policy Enforcement: Your database’s RLS policies use these variables to filter data
- Automatic Filtering: Users only see rows they’re authorized to access
Implementation Approaches
Dynamic Session Variables
PostgreSQL & ClickHouse: Camel sets a session variable (camel.uid
or SQL_camel_uid
) for each query. Your RLS policies reference this variable to filter data dynamically.
Per-User Connections
BigQuery: Since BigQuery doesn’t support session variables, you’ll need to create separate connections with different credentials for each user or group.Security Benefits
- Data Isolation: Ensures complete data separation between users
- SQL Injection Protection: Session variables are set outside of SQL queries
- Fail-Safe: Queries without proper authentication fail rather than exposing data