
Stop calling PostgREST “MAGIC” - vasco
https://medium.freecodecamp.org/stop-calling-postgrest-magic-8f3e1d5e5dd1
======
wingi
Hi, I read the postgREST documentation about the issue of user referencing. I
found "only" the data base user roles.
[https://postgrest.com/en/v4.3/auth.html#client-
auth](https://postgrest.com/en/v4.3/auth.html#client-auth)

Do I create for every "web user" a new database user?

Or can I reference the "userId" from the JWT as an selector?

Example:

Reqest: curl -H "Auth.... crypt(userId=2)" /todo/1 SQL: select * from todo
where id=1 and userId = 2

?

~~~
ruslan_talpa
you don't create a database user for every web user (unless maybe if you have
like only 5-10 webusers in total).

you use the user_id from the jwt tokens in your RLS policies and view
definitions. More details here [https://github.com/subzerocloud/postgrest-
starter-kit/wiki/A...](https://github.com/subzerocloud/postgrest-starter-
kit/wiki/Athentication-Authorization-Flow)

~~~
wingi
Thank you - that is the missing point!

