Implement row-level security, role-based access, data masking, and field-level encryption.
Prax provides comprehensive security features including Row-Level Security (RLS), role management, fine-grained grants, and data masking.
| Feature | PostgreSQL | MySQL | SQLite | MSSQL | MongoDB |
|---|---|---|---|---|---|
| Row-Level Security | ✅ | ❌ | ❌ | ✅ | ✅ Field-level |
| Column-Level Grants | ✅ | ✅ | ❌ | ✅ | ✅ |
| Roles & Users | ✅ | ✅ | ❌ | ✅ | ✅ |
| Data Masking | ✅ | ✅ Enterprise | ❌ | ✅ | ✅ |
| Field Encryption | ✅ pgcrypto | ✅ | ❌ | ✅ | ✅ CSFLE |
Automatically filter rows based on security policies. Users only see data they're authorized to access.
Implement tenant isolation with RLS policies tied to session variables or JWT claims.
Best Practice: Use RLS for tenant isolation instead of WHERE clauses. It's enforced at the database level, preventing accidental data leaks in application code.
Create hierarchical roles with inherited privileges.
Grant fine-grained permissions at table, column, or schema level.
Mask sensitive data for non-privileged users without changing the stored data.
Configure named connection profiles with security settings.
MongoDB role-based access control and Client-Side Field Level Encryption (CSFLE).
Grant only the minimum permissions needed. Use role hierarchies to manage permissions centrally and revoke easily.
RLS policies are enforced at the database level, making it impossible for application bugs to leak data between tenants.
Log all role and permission changes. Use migrations for security changes so they're version controlled and reviewable.
Use CSFLE (MongoDB) or pgcrypto (PostgreSQL) for sensitive fields. Encryption protects data even if the database is compromised.