Shipping Multi-Tenant SaaS Using Postgres Row-Level Security

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
zanzibar authzed Authorization RDBMS spicedb

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • spicedb

    Open Source, Google Zanzibar-inspired permissions database to enable fine-grained access control for customer applications

    • As the developer of an external authorization system (full disclosure)[0], I feel obligated to chime in the critiques of external authorization systems in this article. I do think RLS is great and definitely fits the OP's use case and we recommend folks use a solution like this until they hit complexity limitations. Anyways, here's my rebuttal:

    1+2 Cost + Unnecessary complexity: this argument can be used against anything that doesn't fit the given use case. There's no silver bullet for any choice of solution. You should only adopt the solution that makes the most sense for you and vendors should be candid about when they wouldn't recommend adopting their solution -- it'd be bad for both the users and reputation of the solution.

    3: External dependencies: That depends on the toolchain. Integration testing against SpiceDB is easier than Postgres, IMO [1]. SpiceDB testing can also model check your schema so that you're certain there are no flaws in your design. In practice, I haven't seen folks write tests to assert that their assumptions about RLS are maintained over time.

    4: I'm not sure I understand this point. Most companies do not employ authorization experts and solutions worth their salt should natively support multi-tenant use cases.

    [0]: https://github.com/authzed/spicedb

    [1]: https://github.com/authzed/examples/tree/main/integration-te...

  • examples

    A collection of examples for SpiceDB users (by authzed)

    • As the developer of an external authorization system (full disclosure)[0], I feel obligated to chime in the critiques of external authorization systems in this article. I do think RLS is great and definitely fits the OP's use case and we recommend folks use a solution like this until they hit complexity limitations. Anyways, here's my rebuttal:

    1+2 Cost + Unnecessary complexity: this argument can be used against anything that doesn't fit the given use case. There's no silver bullet for any choice of solution. You should only adopt the solution that makes the most sense for you and vendors should be candid about when they wouldn't recommend adopting their solution -- it'd be bad for both the users and reputation of the solution.

    3: External dependencies: That depends on the toolchain. Integration testing against SpiceDB is easier than Postgres, IMO [1]. SpiceDB testing can also model check your schema so that you're certain there are no flaws in your design. In practice, I haven't seen folks write tests to assert that their assumptions about RLS are maintained over time.

    4: I'm not sure I understand this point. Most companies do not employ authorization experts and solutions worth their salt should natively support multi-tenant use cases.

    [0]: https://github.com/authzed/spicedb

    [1]: https://github.com/authzed/examples/tree/main/integration-te...

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • PostgreSQL

    Mirror of the official PostgreSQL GIT repository. Note that this is just a *mirror* - we don't work with pull requests on github. To contribute, please see https://wiki.postgresql.org/wiki/Submitting_a_Patch

    • Be aware when using RLS with views: By default the RLS policy will be executed with the permissions of the owner of the view instead with the permissions of the user executing the current query. This way it can easily happen that the RLS policy will be bypassed because the owner of the view is a admin account or the same account that owns the underlying table (see the the gotchas section of the original post).

    However, upcoming PostgreSQL 15 adds support for security invoker views: https://github.com/postgres/postgres/commit/7faa5fc84bf46ea6...

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Show HN: Open-source authorization service based on Google-Zanzibar

    8 projects | news.ycombinator.com | 14 Jul 2022

  • OpenFGA: A high performance and flexible authorization/permission engine

    1 project | news.ycombinator.com | 29 Aug 2023

  • warrant VS openfga - a user suggested alternative

    2 projects | 15 Aug 2023

  • Feature flags and authorization abstract the same concept

    2 projects | news.ycombinator.com | 10 Apr 2023

  • Authz: Authorization backend using ABAC and RBAC

    1 project | /r/golang | 16 Jan 2023