> This page location: Backend > Postgres RLS > RLS in Neon > Full Neon documentation index: https://neon.com/docs/llms.txt # Row-Level Security with Neon How Neon features use Postgres Row-Level Security **What you will learn:** - How the Data API uses Row-Level Security **Related docs** - [Data API](https://neon.com/docs/data-api/get-started) - [Simplify RLS with Drizzle](https://neon.com/docs/guides/rls-drizzle) - [Postgres RLS Tutorial](https://neon.com/postgresql/postgresql-administration/postgresql-row-level-security) Row-Level Security (RLS) is a Postgres feature that controls access to individual rows in a table based on the current user. Here's a simple example that limits the `notes` a user can see by matching rows where their `user_id` matches the session's `auth.user_id()`: ```sql -- Enable RLS on a table ALTER TABLE notes ENABLE ROW LEVEL SECURITY; -- Create a policy that only allows users to access their own notes CREATE POLICY "users_can_only_access_own_notes" ON notes FOR ALL USING (auth.user_id() = user_id); ``` When using the Data API for client-side querying, RLS policies are required to secure your data. ## Data API with RLS The **Data API** turns your database tables on a given branch into a REST API, and it requires RLS policies on all tables to ensure your data is secure. ### How it works - The Data API handles JWT validation and provides the `auth.user_id()` function. - Your RLS policies use `auth.user_id()` to control access. - All tables accessed via the Data API must have RLS enabled. * [Get started](https://neon.com/docs/data-api/get-started): Learn how to enable and use the Data API with RLS policies * [Building a note-taking app](https://neon.com/docs/data-api/demo): See a complete example of the Data API with RLS in action ## RLS with Drizzle ORM Drizzle makes it simple to write RLS policies that work with the Data API. We highly recommend using its `crudPolicy` helper to simplify common RLS patterns. - [Simplify RLS with Drizzle](https://neon.com/docs/guides/rls-drizzle): Learn how to use Drizzle's crudPolicy function to simplify RLS policies ## Postgres RLS Tutorial To learn the fundamentals of Row-Level Security in Postgres, including detailed concepts and examples, see the Postgres tutorial: - [Postgres RLS Tutorial](https://neon.com/postgresql/postgresql-administration/postgresql-row-level-security): A complete guide to Postgres Row-Level Security concepts and implementation --- ## Related docs (Postgres RLS) - [Simplify RLS with Drizzle](https://neon.com/docs/guides/rls-drizzle)