RLS Policies Inquiry

Question

Hi Riya,\u000a\u000aDoes NoCodeBackend support:\u000a\u002D An authenticated private_read / own_read_only policy?\u000a\u000aSimilar to the public RLS:\u000a\u002D public_read\u000a\u002D public_write\u000a\u002D public_readwrite\u000a\u002D public_scoped_read\u000a\u002D public_scoped_write\u000a\u002D public_scoped_readwrite\u000a\u000aIs it possible to restrict private/authenticated users to read_only?\u000a\u000aThank you so much for your help on this!

Riya_NoCodeBackend · Answer

Hi,\u000aCurrently we have below:\u000aRow Level Security (RLS): Controls who can access each table\u0027s data.\u000a\u000aPrivate (default) — Only the logged\u002Din admin who created the data can see it. Authentication required.\u000aShared — All logged\u002Din admins can see each other\u0027s data (useful for team features). Authentication still required.\u000aPublic — Anyone on the internet can access the data without logging in, via /api/public\u002Ddata/ (useful for booking pages, blogs, storefronts).\u000aScoped Public — Same as Public, but data is filtered to a specific admin using owner_id (e.g. show only Admin A\u0027s event types on their booking page).\u000a\u000aYou can combine one Shared + one Public policy per table. The admin panel (/api/data/) always requires login regardless of the policy set here.

martineliascz · Answer

Hi Riya, thank you for your reply! To make this super clear: It is currently not possible for authenticated users to access authenticated table with read only permission (immutable table) and with write permission on another table, right?

NoCodeBackend

Share NoCodeBackend

Choose a plan

Related questions