How to use stored procedure in row-level security?

[nvcnvn]

For example I have a customSecurityRule stored procedure that accept a userID, any method so I can use it with metadata?

{
   "type": "create_select_permission",
   "args": {
      "table": "article",
      "role": "author",
      "permission": {
         "columns": "*",
         "filter": {
            "customSecurityRule": "X-Hasura-User-Id"
         }
      }
   }
}

[s1monj]

I'd also find a feature to match against named values useful eg I was hoping to access the postgres schema name from inside a permission config. I have a multi-tenant setup where tenants are isolated by their postgres schema (because they have completely different tables) and I wanted to do a custom check permission of the schema name against a X-Hasura-Tenant-Name header

[ayuryshev]

Please correct me if I'm wrong but AFAIK there is no possibility to call stored procedures in Row select permissions.

You can create a function that accepts user id or hasura_session and register it in hasura.

Then it's possible to do all authorization checks inside such function.

That's how we do authorization.

Hasura Row-level security is more for coarse-grained checks. E.g. make data of one client invisible to other client.

[nvcnvn]

Please correct me if I'm wrong but AFAIK there is no possibility to call stored procedures in Row select permissions.

You can create a function that accepts user id or hasura_session and register it in hasura.

Then it's possible to do all authorization checks inside such function.

That's how we do authorization.

Hasura Row-level security is more for coarse-grained checks. E.g. make data of one client invisible to other client.

let me explain more, using Postgres RLS:

CREATE POLICY user_sel_policy ON users
    FOR SELECT
    USING (customSecurityRule(hasura_jwt_id));

So, if we have a way to use customSecurityRule as condition, it will be handy for ppl already have RLS logic using Postgres native solution.