Row-Level Security (RLS)¶
Restrict which rows a role can see by defining filter policies. Filters are injected at query time — never modify base tables.
Configuration¶
Create a security.yml file in your project root:
# security.yml
rls:
orders:
viewer: "region = current_setting('app.region')"
editor: "1=1"
users:
viewer: "is_active = true"
admin: "1=1"
Alternatively, RLS policies can be defined in kelpmesh.yml under rls: or security.rls:.