Does it support PostgreSQL views?

Yes, it specifically checks for view bypass vulnerabilities and ensures views use the 'security_invoker = true' property to respect caller permissions.

How does it handle connection pooling?

It enforces the use of 'SET LOCAL' within transactions to prevent tenant context leakage between pooled connections in high-traffic applications.

When does the postgres-rls skill trigger?

It activates whenever you modify database migrations, authentication tables, or files containing multi-tenant architecture logic like tenant IDs and RLS policy definitions.

Can it help with RLS performance issues?

Absolutely. The skill provides specific patterns for indexing policy columns and wrapping functions in subqueries to prevent per-row performance degradation.

Why is 'FORCE ROW LEVEL SECURITY' necessary?

By default, table owners bypass RLS. This skill ensures both ENABLE and FORCE statements are used to prevent data leaks even when accessed by owners.

PostgreSQL Row Level Security (RLS)

Name: PostgreSQL Row Level Security (RLS)
Author: troykelly

bytroykelly

•

데이터베이스 관리

Enforces robust multi-tenant data isolation by auditing PostgreSQL Row Level Security policies and preventing common bypass vulnerabilities.

소개

This skill provides an opinionated framework for implementing and auditing PostgreSQL Row Level Security (RLS) to ensure bulletproof data isolation in multi-tenant applications. It automatically identifies security gaps such as superuser bypasses, table owner leaks, and view vulnerabilities while providing high-performance patterns for policy functions and transaction-scoped contexts. It acts as a mandatory guardrail whenever Claude touches authentication tables, tenant isolation logic, or database migration scripts, ensuring that your last line of defense against data breaches is correctly configured.

주요 기능

Detection of critical bypass vulnerabilities including Superuser, Owner, and View leaks
2 GitHub stars
Validation of USING and WITH CHECK clauses for complete read/write protection
Performance optimization guidance for policy functions, indexing, and subquery wrapping
Automated generation of RLS implementation artifacts for security audit trails
Standardized migration patterns for safe RLS deployment on large, existing tables

사용 사례

Securing multi-tenant SaaS applications with strict data isolation requirements
Auditing database migrations for security footguns before production deployment
Optimizing slow RLS policies for high-performance production database workloads

소개

주요 기능

Detection of critical bypass vulnerabilities including Superuser, Owner, and View leaks
2 GitHub stars
Validation of USING and WITH CHECK clauses for complete read/write protection
Performance optimization guidance for policy functions, indexing, and subquery wrapping
Automated generation of RLS implementation artifacts for security audit trails
Standardized migration patterns for safe RLS deployment on large, existing tables

사용 사례

Securing multi-tenant SaaS applications with strict data isolation requirements
Auditing database migrations for security footguns before production deployment
Optimizing slow RLS policies for high-performance production database workloads