Skip to content

Row-level security

HELAÜLOOM enforces vault isolation at the application layer in all environments and at the PostgreSQL row-level security layer in production.

Each authenticated database transaction sets app.current_user_id so policies on Vault, VaultEntry, audit logs, support chat, and collaboration activity apply automatically.

Policies are defined in prisma/postgres/rls-policies.sql and applied via scripts/apply-rls.sh after migrate deploy.

← Security overview