Secure your database with Teta CMS policies
10/07/2022 - 3 min read
What is Teta CMS
Teta CMS is a low-code back-end service. We provide:
- Scalable NoSQL database
- Real-time subscriptions
- User authentication system and policies
- Custom queries on your collections with our Ayaya language
- An easy-to-use and responsive user interface
See our GitHub Repo
You can see the source code in this repo

What are policies
Policies are security rules.
Each policy is linked to a specific collection and is executed every time that collection is accessed through a query or API call.
Essentially, they are additional conditions for each query that will be made to the collection.
How do they work
A policy is essentially a condition between a field and a value.
In Ayaya, it is:
They can also be used dynamically to detect if the current user has the right permissions.
To do that, you can use:
- $uuid - the current user's id
- $email - the current user's email
- $name - the current user's name
In Ayaya:
How to set them within Teta
To set them on your collection, navigate to:
- app.teta.so > project dashboard > database > policies (on top right)

Add a new policy
To add a new policy to your collection, click 'New policy' inside the policies panel.
You have to choose the scope of your policy, which can be one of the following:
- read
- update
- delete
The scope defines which action triggers the policy.
It is possible to define one policy per scope.
Then you have to fill in the 'key name' field, which will be the database field name, and the 'value' field.
We provide two shortcuts to insert the current user id and email.

Use case
Policies are useful for setting permissions on database actions.
One famous example is for chat apps.
We want to limit the delete action on the 'messages' collection to docs whose email matches the current user's email.
In this way, users are only able to delete their own messages, not those of others.
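The chat use case above, modelled in Python as an added example; it is not Teta's code and does not reproduce Ayaya syntax. The `Collection` class and `build_messages` helper are hypothetical. It assumes that a scope without a policy adds no extra condition, and it chooses to fail closed when a placeholder such as `$email` cannot be resolved for the caller.

```python
# Added illustration: a model of the semantics described above, not Teta's code.
PLACEHOLDERS = {"$uuid": "uuid", "$email": "email", "$name": "name"}
SCOPES = ("read", "update", "delete")


class Collection:
    """Hypothetical in-memory collection guarded by one policy per scope."""

    def __init__(self, docs):
        self.docs = list(docs)
        self.policies = {}  # scope -> (key name, value)

    def set_policy(self, scope, key, value):
        if scope not in SCOPES:
            raise ValueError(f"unknown scope: {scope}")
        self.policies[scope] = (key, value)  # a second policy replaces the first

    def _allowed(self, scope, doc, user):
        if scope not in self.policies:
            return True  # assumption: no policy on a scope means no extra condition
        key, value = self.policies[scope]
        if value in PLACEHOLDERS:
            value = (user or {}).get(PLACEHOLDERS[value])
            if value is None:
                return False  # fail closed: an anonymous caller matches nothing
        return key in doc and doc[key] == value

    def read(self, query, user=None):
        return [d for d in self.docs if query(d) and self._allowed("read", d, user)]

    def delete(self, query, user=None):
        """Delete docs matching the query AND the delete policy; return the count."""
        keep = [d for d in self.docs
                if not (query(d) and self._allowed("delete", d, user))]
        removed = len(self.docs) - len(keep)
        self.docs = keep
        return removed


def build_messages():
    """Constructed sample data for the chat use case."""
    col = Collection([
        {"id": 1, "email": "alice@example.com", "text": "hi"},
        {"id": 2, "email": "bob@example.com", "text": "hello"},
        {"id": 3, "text": "legacy message without an email field"},
    ])
    col.set_policy("delete", "email", "$email")
    return col
```

Because only the delete scope has a policy in this model, reads stay unrestricted; each scope that needs protection requires its own policy.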
Final thoughts
Teta CMS makes it easy to integrate policies into the database.
With them, you can increase the security of the back-end, preventing unwanted actions by users.