> Summary: Row-Level Security (RLS) in Neon restricts table access to individual rows based on the authenticated user, and is required on every table exposed through the Neon Data API. Use this page when adding RLS policies to a Data API project or using Drizzle ORM's crudPolicy helper to simplify per-user access control in a Postgres database.

# Row-Level Security with Neon

How Neon features use Postgres Row-Level Security

**What you will learn:**

- How the Data API uses Row-Level Security

**Related docs**

- [Data API](https://neon.com/docs/data-api/get-started)
- [Simplify RLS with Drizzle](https://neon.com/docs/guides/rls-drizzle)
- [Postgres RLS Tutorial](https://neon.com/postgresql/postgresql-administration/postgresql-row-level-security)

Row-Level Security (RLS) is a Postgres feature that controls access to individual rows in a table based on the current user. Here's a simple example that limits the `notes` a user can see to rows whose `user_id` matches the session's `auth.user_id()`:

```sql
-- Enable RLS on a table
ALTER TABLE notes ENABLE ROW LEVEL SECURITY;

-- Create a policy that only allows users to access their own notes
CREATE POLICY "users_can_only_access_own_notes" ON notes
  FOR ALL USING (auth.user_id() = user_id);
```

When using the Data API for client-side querying, RLS policies are required to secure your data.

## Data API with RLS

The **Data API** turns your database tables on a given branch into a REST API, and it requires RLS policies on all tables to ensure your data is secure.

### How it works

- The Data API handles JWT validation and provides the `auth.user_id()` function.
- Your RLS policies use `auth.user_id()` to control access.
- All tables accessed via the Data API must have RLS enabled.

* [Get started](https://neon.com/docs/data-api/get-started): Learn how to enable and use the Data API with RLS policies
* [Building a note-taking app](https://neon.com/docs/data-api/demo): See a complete example of the Data API with RLS in action

## RLS with Drizzle ORM

Drizzle makes it simple to write RLS policies that work with the Data API. We highly recommend using its `crudPolicy` helper to simplify common RLS patterns.

- [Simplify RLS with Drizzle](https://neon.com/docs/guides/rls-drizzle): Learn how to use Drizzle's crudPolicy function to simplify RLS policies

## Postgres RLS Tutorial

To learn the fundamentals of Row-Level Security in Postgres, including detailed concepts and examples, see the Postgres tutorial:

- [Postgres RLS Tutorial](https://neon.com/postgresql/postgresql-administration/postgresql-row-level-security): A complete guide to Postgres Row-Level Security concepts and implementation

---

## Related docs (Postgres RLS)

- [Simplify RLS with Drizzle](https://neon.com/docs/guides/rls-drizzle)
- [Run RLS queries with Drizzle ORM](https://neon.com/docs/guides/rls-query-execution)
