Security & Access Control

Implement row-level security, role-based access, data masking, and field-level encryption.

Overview

Prax provides comprehensive security features including Row-Level Security (RLS), role management, fine-grained grants, and data masking.

Feature PostgreSQL MySQL SQLite MSSQL MongoDB
Row-Level Security Field-level
Column-Level Grants
Roles & Users
Data Masking Enterprise
Field Encryption pgcrypto CSFLE

Row-Level Security (RLS)

Automatically filter rows based on security policies. Users only see data they're authorized to access.

Multi-Tenant Isolation

Implement tenant isolation with RLS policies tied to session variables or JWT claims.

Best Practice: Use RLS for tenant isolation instead of WHERE clauses. It's enforced at the database level, preventing accidental data leaks in application code.

Role Management

Create hierarchical roles with inherited privileges.

Grants & Privileges

Grant fine-grained permissions at table, column, or schema level.

Dynamic Data Masking

Mask sensitive data for non-privileged users without changing the stored data.

Connection Profiles

Configure named connection profiles with security settings.

MongoDB Security

MongoDB role-based access control and Client-Side Field Level Encryption (CSFLE).

Best Practices

Principle of Least Privilege

Grant only the minimum permissions needed. Use role hierarchies to manage permissions centrally and revoke easily.

Use RLS for Multi-Tenancy

RLS policies are enforced at the database level, making it impossible for application bugs to leak data between tenants.

Audit Security Changes

Log all role and permission changes. Use migrations for security changes so they're version controlled and reviewable.

Encrypt Sensitive Data

Use CSFLE (MongoDB) or pgcrypto (PostgreSQL) for sensitive fields. Encryption protects data even if the database is compromised.