Set Up Row-Level Security (RLS)

How to protect sheet data from unauthorized access

Written By Vins

Last updated About 14 hours ago

Overview

Row-Level Security (RLS) in DataStripes allows you to control which users can see specific rows of data, enforcing privacy and compliance at the data layer. RLS is enforced by backend gateways (Firestore rules, Supabase policies) and is essential for shared projects.

Configuring RLS

  1. Open the RLS configuration panel (see security settings or backend rules file).

  2. Define filters for each sheet or for all sheets. Each filter targets a specific column or set of columns.

  3. Combine rules using AND/OR logic as needed for complex access policies.

  4. Specify which user attribute to compare (e.g., email, id, tier, username).

  5. Save the configuration and test with different user accounts.

Example Configuration (JSON)

{
  "sheet": "Sales",
  "rules": [
    { "column": "OwnerEmail", "operator": "=", "filterBy": "email" },
    { "column": "Region", "operator": "IN", "filterBy": "user_region" }
  ],
  "logic": "AND"
}

Advanced Features

  • Global Filters: Apply rules to all sheets using a wildcard.

  • Multiple Rules: Combine as many rules as needed for granular access.

  • Dynamic Attributes: Use user properties (tier, id, custom claims) for flexible policies.

Tips & Best Practices

  • Always test RLS with different user roles to ensure correct access.

  • The project owner always bypasses RLS and sees all data.

  • If a column is missing, the user is unauthenticated, or rules are empty, the sheet returns zero rows for safety.

  • Document your RLS policies for future maintenance.
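The fail-closed behavior and owner bypass listed above can be checked against a small reference evaluator. The following is an added example, not DataStripes code: the names applyRls, matches and ownerId, the sample rows, and the reading of "IN" as "cell value is in the user's list-valued attribute" are all assumptions.

```javascript
// Added illustration: hypothetical evaluator, not DataStripes source code.
// Constructed sample policy in the shape of the page's JSON example.
const samplePolicy = {
  sheet: "Sales",
  rules: [
    { column: "OwnerEmail", operator: "=", filterBy: "email" },
    { column: "Region", operator: "IN", filterBy: "user_region" },
  ],
  logic: "AND",
};

// Constructed sample rows.
const sampleRows = [
  { OwnerEmail: "ana@example.com", Region: "EMEA", Amount: 100 },
  { OwnerEmail: "ana@example.com", Region: "APAC", Amount: 250 },
  { OwnerEmail: "bo@example.com", Region: "EMEA", Amount: 75 },
];

// Evaluate one rule for one row; anything unexpected denies.
function matches(rule, row, user) {
  const cell = row[rule.column];
  const attr = user[rule.filterBy];
  if (attr === undefined || attr === null) return false; // user lacks the attribute
  if (rule.operator === "=") return cell === attr;
  // Assumption: for IN, the user attribute is a list of allowed values.
  if (rule.operator === "IN") return Array.isArray(attr) && attr.includes(cell);
  return false; // unknown operator
}

// Return only the rows the user may see. ownerId is the project owner's id.
function applyRls(policy, rows, user, ownerId) {
  if (!user) return []; // unauthenticated: zero rows
  if (user.id === ownerId) return rows; // project owner bypasses RLS
  const rules = (policy && policy.rules) || [];
  if (rules.length === 0) return []; // empty rules: zero rows
  // A rule that names a column the sheet lacks yields zero rows for the sheet.
  const columnsPresent = rows.every((r) => rules.every((q) => q.column in r));
  if (!columnsPresent) return [];
  // Anything other than an explicit "OR" is treated as the stricter AND.
  const combine = policy.logic === "OR" ? "some" : "every";
  return rows.filter((row) => rules[combine]((rule) => matches(rule, row, user)));
}
```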

Troubleshooting

  • If users see no data, check for misconfigured rules or missing columns.

  • Use logs or audit trails to monitor RLS enforcement.

  • For complex logic, break down rules and test incrementally.


RLS is a critical feature for secure, multi-user data applications—configure it carefully to protect your data and users.