database
auth
backend
Enhanced access control: updated policies and JWT handling
- Stronger access controls across projects, API keys, and user data — We replaced outdated database policies with a comprehensive set of new rules so access is now enforced more consistently by ownership and organization admin roles. The update also fixed how the app reads user identity from JWTs to prevent mismatches.
Security
- Replaced many outdated row-level policies with new, stricter policies that enforce access based on user or organization ownership.database
- Updated how user identity is extracted from JWTs in policies to use a consistent and more secure method across the application.auth
- Refined organization-level checks so admin roles more reliably control access to org-owned resources.auth
Improvements
- Improved reliability and performance of permission checks by simplifying and reorganizing policy conditions.backend
Performance
- Applied a migration that safely dropped and recreated policies across multiple tables to deploy the security improvements (large migration: 613 additions, 63 deletions).database