> This page location: Backend > Postgres RLS > RLS in Neon
> Full Neon documentation index: https://neon.com/docs/llms.txt

# Row-Level Security with Neon

How Neon features use Postgres Row-Level Security

**What you will learn:**

- How the Data API uses Row-Level Security

**Related docs**

- [Data API](https://neon.com/docs/data-api/get-started)
- [Simplify RLS with Drizzle](https://neon.com/docs/guides/rls-drizzle)
- [Postgres RLS Tutorial](https://neon.com/postgresql/postgresql-administration/postgresql-row-level-security)

Row-Level Security (RLS) is a Postgres feature that controls access to individual rows in a table based on the current user. Here's a simple example that limits the `notes` a user can see by matching rows where their `user_id` matches the session's `auth.user_id()`:

```sql
-- Enable RLS on a table
ALTER TABLE notes ENABLE ROW LEVEL SECURITY;

-- Create a policy that only allows users to access their own notes
CREATE POLICY "users_can_only_access_own_notes" ON notes
  FOR ALL USING (auth.user_id() = user_id);
```

When using the Data API for client-side querying, RLS policies are required to secure your data.

## Data API with RLS

The **Data API** turns your database tables on a given branch into a REST API, and it requires RLS policies on all tables to ensure your data is secure.

### How it works

- The Data API handles JWT validation and provides the `auth.user_id()` function.
- Your RLS policies use `auth.user_id()` to control access.
- All tables accessed via the Data API must have RLS enabled.

* [Get started](https://neon.com/docs/data-api/get-started): Learn how to enable and use the Data API with RLS policies
* [Building a note-taking app](https://neon.com/docs/data-api/demo): See a complete example of the Data API with RLS in action

## RLS with Drizzle ORM

Drizzle makes it simple to write RLS policies that work with the Data API. We highly recommend using its `crudPolicy` helper to simplify common RLS patterns.

- [Simplify RLS with Drizzle](https://neon.com/docs/guides/rls-drizzle): Learn how to use Drizzle's crudPolicy function to simplify RLS policies

## Postgres RLS Tutorial

To learn the fundamentals of Row-Level Security in Postgres, including detailed concepts and examples, see the Postgres tutorial:

- [Postgres RLS Tutorial](https://neon.com/postgresql/postgresql-administration/postgresql-row-level-security): A complete guide to Postgres Row-Level Security concepts and implementation

---

## Related docs (Postgres RLS)

- [Simplify RLS with Drizzle](https://neon.com/docs/guides/rls-drizzle)
- [Run RLS queries with Drizzle ORM](https://neon.com/docs/guides/rls-query-execution)