Postgres Row Level Security
Policies
Policies are easy to understand once you get the hang of them. Each policy is attached to a table, and the policy is executed every time a table is accessed. You can just think of them as adding a WHERE clause to every query. For example a policy like this …
create policy "Individuals can view their own todos."
on todos for select
using ( auth.uid() = user_id );.. would translate to this whenever a user tries to select from the todos table:
select *
from todos
where auth.uid() = todos.user_id; -- Policy is implicitly added.