access-policy-designer
Installation
SKILL.md
Access Policy Designer Protocol
This skill enforces Zero Trust at the database layer. Instead of relying purely on the application backend to filter WHERE tenant_id = ?, it pushes security down to the database engine to prevent data leaks.
Core assumption: Application code has bugs. Database security policies (RLS/Views) are the final, unbreakable safety net against SQL Injection or logic flaws.
1. Requirement Translation
Convert business rules into technical access models.
Business Rule: "Doctors can only see their own patients' records."
Translation: We need Row-Level Security (RLS) on the patients table where primary_doctor_id = current_user_id().
2. Policy Paradigms
Row-Level Security (RLS) - PostgreSQL / Supabase
- Define policies for
SELECT,INSERT,UPDATE, andDELETE. - Distinguish between Who you are (Current Role/User) and What you belong to (Tenant/Organization ID).