Row Level Security
Row Level Security (RLS)
Restrict data access on a per-user basis across different databases.
Row Level Security (RLS) allows you to restrict which rows are visible to each user, based on their unique identifier (uid). This ensures that users only see the data they're authorized to access.
Need RLS for other databases?RLS currently supports ClickHouse, PostgreSQL, and BigQuery. Email us to request support for your database.
Supported Databases
Camel supports row-level security across multiple database platforms, each with its own implementation approach:
Native RLS policies with session variables
Row policies with custom settings
Row access policies with user credentials
How It Works
When a user interacts with Camel (through an iframe or the API), Camel automatically manages the security context for each query:
- User Identification: Each request includes a unique
uididentifier - Session Context: Camel sets database-specific session variables or settings
- Policy Enforcement: Your database's RLS policies use these variables to filter data
- Automatic Filtering: Users only see rows they're authorized to access
Implementation Approaches
Dynamic Session Variables
PostgreSQL & ClickHouse: Camel sets a session variable (camel.uid or SQL_camel_uid) for each query. Your RLS policies reference this variable to filter data dynamically.
Per-User Connections
BigQuery: Since BigQuery doesn't support session variables, you'll need to create separate connections with different credentials for each user or group.
Security Benefits
- Data Isolation: Ensures complete data separation between users
- SQL Injection Protection: Session variables are set outside of SQL queries
- Fail-Safe: Queries without proper authentication fail rather than exposing data
Getting Started
Choose your database platform to see specific implementation instructions:
For further help, contact support@camelai.com.