What databases does this RLS skill support?

While primarily optimized for PostgreSQL and Supabase, these patterns and logic can be adapted for any database engine that supports Row-Level Security features.

How can I audit my current security setup using this skill?

The skill includes debugging queries to find tables missing RLS, identify tables without policies, and scripts to impersonate specific users to verify data visibility.

How does this help with multi-tenant isolation?

It provides specific templates for tenant_id enforcement, cross-tenant admin access, and helper functions to securely retrieve tenant context from JWT claims or session data.

Can it help fix infinite recursion errors in SQL?

Yes, it includes three specific architectural solutions for recursive policies, such as using SECURITY DEFINER functions or denormalized arrays to eliminate circular table references.

Does it handle service role and admin access?

Yes, the skill includes critical bypass policies for super admins and service roles to ensure that background jobs, migrations, and server-side SDKs are not inadvertently blocked.

RLS Security Patterns

Name: RLS Security Patterns
Author: antoineschaller

byantoineschaller

•

Database Management

Implements robust Row-Level Security (RLS) policies for multi-tenant and user-scoped database architectures.

About

The rls-security skill provides a comprehensive library of battle-tested patterns for implementing Row-Level Security in PostgreSQL and Supabase environments. It guides developers through the critical steps of enabling RLS, defining granular access policies for CRUD operations, and setting up essential admin and service role bypasses. The skill specifically addresses advanced scenarios like multi-tenant isolation, role-based access control (RBAC), and performance-optimized strategies to avoid infinite recursion, while offering deep diagnostic utilities to audit and verify security constraints during development.

Key Features

Advanced recursion prevention strategies using denormalized arrays and helper functions
Multi-tenant isolation patterns using tenant_id enforcement and JWT claims
Critical admin and service role bypass implementations for backend SDK compatibility
Standardized RLS policy templates for SELECT, INSERT, UPDATE, and DELETE operations
1 GitHub stars
Diagnostic tools for auditing missing policies and impersonating users for security testing

Use Cases

Debugging and resolving silent database failures or infinite recursion loops in security policies
Implementing granular Role-Based Access Control (RBAC) directly at the database layer
Building a multi-tenant SaaS application with strict data isolation between organizations

About

Key Features

Advanced recursion prevention strategies using denormalized arrays and helper functions
Multi-tenant isolation patterns using tenant_id enforcement and JWT claims
Critical admin and service role bypass implementations for backend SDK compatibility
Standardized RLS policy templates for SELECT, INSERT, UPDATE, and DELETE operations
1 GitHub stars
Diagnostic tools for auditing missing policies and impersonating users for security testing

Use Cases

Debugging and resolving silent database failures or infinite recursion loops in security policies
Implementing granular Role-Based Access Control (RBAC) directly at the database layer
Building a multi-tenant SaaS application with strict data isolation between organizations