postgres-rls-pattern
CommunityEnforce tenant-safe Postgres access with RLS.
Software Engineering#multi-tenant#row-level security#postgres#security policies#query wrapper#organization scoping#service role bypass
Authorjacob-balslev
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Prevents cross-tenant data leaks in multi-tenant SaaS by ensuring every Postgres query is automatically scoped to the current organization at the database security layer (Row Level Security), not just in application WHERE clauses.
Core Features & Use Cases
- RLS policy triple coverage: Defines the full required set of safeguards using FORCE ROW LEVEL SECURITY plus matching USING and WITH CHECK logic to close gaps across SELECT/INSERT/UPDATE/DELETE.
- Tenant-scoped query wrapper: Provides an orgQuery(orgId) transaction wrapper that sets app.current_org_id per statement via set_config, ensuring connection pooling does not cause tenant context bleed.
- Safe service-role separation: Establishes when and how to use a systemQuery wrapper for legitimate cross-org operations (cron, admin, migrations) that must bypass RLS intentionally.
Quick Start
Use the postgres-rls-pattern skill to implement an orgQuery(orgId) wrapper and add RLS policies that enforce tenant scoping for every tenant-bound table.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: postgres-rls-pattern Download link: https://github.com/jacob-balslev/skill-graph/archive/main.zip#postgres-rls-pattern Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.