Security & Sync
/
Security & Access Control
Security & Access Control
Row-level security and physical tenant scoping, enforced on every surface.
Resources opt into row-level security declaratively. The rules are compiled into the manifest and enforced in rastack-api-core on every surface — server, browser, and admin alike.
1
export
const
Note
=
resource
(
"notes"
,
"note"
,
{
2
title
:
s
.
string
({
maxLength
:
120
}),
6
ownerField
:
"owner"
,
// stamp + filter by the caller
7
scope
:
"owner"
,
// physically partition the table
8
adminGroups
:
[
"staff"
],
// groups that bypass the row filter
What the access config does
stamps the owner on write, filters lists, and returns 404 on cross-identity access
physically partitions the table under warehouse/tenants/{sub}/…
groups whose members bypass the row filter
Partitioned all the way down
The model is one idea applied at every layer: data is partitioned by identity all the way down. The same verified Cognito sub keys the S3 prefix, the API row filter, and the device cache namespace.
•
S3 key prefix — the Cognito Identity Pool role fences tenants/{sub}/ with the ${cognito-identity.amazonaws.com:sub} IAM policy variable.
•
API row filter — rastack-api-core filters every list and returns 404 on cross-identity reads.
•
Device cache namespace — local data is namespaced per identity; revoked access deletes it.
› Good to know
Because the same rastack-api-core runs in the browser, a client cannot escape these rules by talking to the WASM engine directly — the engine enforces them too.
Build with AI
Every page is available as clean Markdown for LLMs and coding agents. Point one at the files below to build on top of React API Stack.
React API Stack · alpha · built to scale to millions