zor•5mo ago

Are there any examples of best security practices for implementing role-based access control (RBAC)

Are there any examples of best security practices for implementing role-based access control (RBAC) when making requests in a Next.js application using Clerk for authentication and Convex as the backend? Specifically, how should server-side validation be approached?

6 Replies

zorOP•5mo ago

Not necessarily Clerk. Assume any auth Am I just supposed to use simply useQuery and not think much?

Eva•5mo ago

Also interested in the answer to this 💜

jamwt•5mo ago

https://github.com/get-convex/convex-helpers/blob/main/convex/lib/rowLevelSecurity.ts

GitHub

convex-helpers/convex/lib/rowLevelSecurity.ts at main · get-convex/...

A collection of useful code to complement the official packages. - get-convex/convex-helpers

jamwt•5mo ago

in general, convex helpers with customQuery and customMutation are the building blocks for enforcing access controls

jamwt•5mo ago

background and theory: https://stack.convex.dev/custom-functions

Customizing serverless functions without middleware

Re-use code and centralize request handler definitions with discoverability and type safety and without the indirection of middleware or nesting of wr...

jamwt•5mo ago

and then that github link shows implementing RLS using this method

Are there any examples of best security practices for implementing role-based access control (RBAC)

Did you find this page helpful?