Integrate with Row Level Security (RLS)
Allow clear integration with Postgres's RLS while defining access permissions.
Fred Zhang commented
Interesting idea. Data connect took a slightly different approach. Authorization is done at the query / mutation level with `@auth` directives.
Two Camps:
A) Resource level auth policy.
e.g. Postgres's RLS, Security Rules in Firestore / Firebase Storage and RTDB
B) Operation level auth policy.
Cloud Function, Cloud run. Any backend API usually comes with an auth check.
We considered existing feedback on Firestore and RTDB Security Rules. Open insecure rules are a huge concern because it's "too easy" for early development.
When a resource is accessed by different means, it's repetitive and often bug-prone to include every case. This gave birth to the emulator suite and security rules testing.
When we designed data connect, we debated those two security models heavily. We chose B) operation level security, so that it's
- secure by default: no way to access a row without a query defined.
- easy to write: operation auth policy has relevant context. It reduces risk of outage due to misconfigured rules on a shared row.
On the other side, you may use the same Cloud SQL database via data connect and other servers. It's a great callout that data connect shall be compatible with Postgres' security best practices.
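For reference, camp A) as it looks in Postgres RLS: an added example, not part of the comment above and not Data Connect's own code. The table, role and `app.user_id` setting names are assumptions made for illustration.

```sql
-- Constructed schema for illustration; all names here are hypothetical.
CREATE TABLE notes (
    id       bigserial PRIMARY KEY,
    owner_id text NOT NULL,
    body     text NOT NULL
);

-- One role shared by every path that reaches the table
-- (an API server, a batch job, a GraphQL layer).
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON notes TO app_user;
GRANT USAGE ON SEQUENCE notes_id_seq TO app_user;

-- Once RLS is enabled, a role with no matching policy sees no rows:
-- the table is deny-by-default rather than open-by-default.
ALTER TABLE notes ENABLE ROW LEVEL SECURITY;
-- The table owner is exempt from policies unless they are forced.
ALTER TABLE notes FORCE ROW LEVEL SECURITY;

-- Resource-level policy: USING filters rows that are read or targeted,
-- WITH CHECK validates rows that are written.
-- current_setting(..., true) yields NULL when the setting is absent,
-- so a request that never set a user id matches nothing.
CREATE POLICY notes_owner_only ON notes
    FOR ALL
    TO app_user
    USING      (owner_id = current_setting('app.user_id', true))
    WITH CHECK (owner_id = current_setting('app.user_id', true));

-- Per-request usage: the trusted server sets the authenticated user id
-- for the duration of one transaction, then runs its queries.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.user_id', 'alice', true);  -- third argument: transaction-local
INSERT INTO notes (owner_id, body) VALUES ('alice', 'hello');
-- The policy's USING clause is applied to this query as an implicit filter.
SELECT id, body FROM notes;
COMMIT;
```

The policy is only as trustworthy as the code that sets `app.user_id`: any client able to run arbitrary SQL as `app_user` can set it too, so the value has to come from a server that has already verified the caller's identity.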