37 Repos
Techniques for restricting access to individual data records based on user-defined criteria or ownership.
Distinguishing note: Operates at the data record level rather than the resource or collection level.
Explore 37 awesome GitHub repositories matching security & cryptography · Row-Level Security. Refine with filters or upvote what's useful.
Drizzle ORM is a TypeScript-native database toolkit providing type-safe SQL query building, schema management, and automated migrations across PostgreSQL, MySQL, SQLite, and SingleStore.
Enables fine-grained access control policies directly on database tables.
graphql-engine is an automated GraphQL API engine that transforms database tables and relationships into a queryable GraphQL schema. It functions as a federation gateway and mapper, instantly generating APIs with built-in filtering, pagination, and mutations from existing databases and remote schemas. The project distinguishes itself through a fine-grained access control layer that enforces row-level and field-level permissions. It further provides a real-time data subscription server that converts standard queries into live streams and a system for triggering event-driven webhooks and notifi
Implements fine-grained security policies that restrict data access by applying filters to specific database rows.
Knex is a multi-dialect database client that provides a programmatic SQL query builder, a connection pool manager, and a versioned schema migration tool. It enables programmatic database interaction across multiple SQL engines, including PostgreSQL, MySQL, SQLite3, SQL Server, CockroachDB, and Oracle. The project distinguishes itself through a fluent interface for constructing complex SQL statements and a dedicated framework for database seeding. It utilizes specialized dialects to translate generic query representations into database-specific syntax while maintaining a consistent API across
Provides row-level locking clauses to manage concurrent data access and prevent conflicting updates.
DataHub is a metadata management platform designed to unify technical, operational, and business context across diverse data ecosystems. By utilizing a graph-based metadata model and an event-driven ingestion architecture, it creates a centralized source of truth that maps complex data relationships, lineage, and ownership. This foundational framework enables organizations to maintain a synchronized view of their data landscape, supporting both human-led discovery and automated data operations. The platform distinguishes itself through its focus on grounding artificial intelligence and autono
Provides granular row-level security policies to restrict data visibility based on user-defined criteria.
Doctrine ORM is a PHP object-relational mapper that connects application objects to relational database tables. It uses the data mapper and identity map patterns to decouple the in-memory object model from the database schema, allowing developers to manage data persistence without writing manual SQL. The project features a dedicated object-oriented query language and programmatic builder for retrieving data based on entities rather than tables. It implements a unit-of-work system to track object changes during a request and synchronize them via atomic transactions. The capability surface inc
Implements optimistic locking using version columns to prevent concurrent update conflicts.
Napajs is an embeddable JavaScript engine and multi-threaded runtime designed to be integrated directly into other software applications as a component. It serves as a parallel computation framework that allows JavaScript code to execute across multiple threads, bypassing the standard single-threaded event loop limitation to handle CPU-intensive tasks. The runtime is distinguished by its ability to load and execute modules from the NPM ecosystem and its pluggable execution environment. This architecture allows for custom implementations of memory allocation, system logging, and performance me
Saves and fetches marshalled data from a map using locks to manage concurrent access across worker threads.
Atlantis is a GitOps deployment tool and infrastructure as code orchestrator that synchronizes cloud resources with a git repository using pull request comments. It serves as a policy-based infrastructure gate and automation system for Terraform, executing plans and applies directly from version control to coordinate deployments across multiple projects and environments. The system differentiates itself through a lock-based concurrency model that prevents simultaneous modifications to the same project or workspace. It features server-side policy validation to intercept plan outputs for compli
Prevents concurrent modifications to the same project or workspace by locking them during active operations.
The Linux Kernel Module Programming Guide is an educational resource that teaches how to write, compile, and manage loadable kernel modules for modern Linux kernels. It covers the complete lifecycle of kernel modules, from building and loading to unloading and debugging, with a focus on extending kernel functionality without recompiling the entire kernel. The guide provides comprehensive coverage of core kernel programming concepts including dynamic module loading, file-operation registration, interrupt handling, kernel-user data copying, concurrency control, and deferred task scheduling. It
Teaches kernel concurrency control using mutexes, spinlocks, and read-write locks.
Jeesite is a full-stack low-code development framework designed for building enterprise administrative portals using Spring Boot, MyBatis, and Vue. It functions as a comprehensive platform for creating administrative dashboards with integrated role-based access control and organizational data permission systems. The framework distinguishes itself through a combination of automated CRUD code generation and an integrated RAG platform that connects large language models to enterprise data via vector stores. It further incorporates a BPMN-based workflow engine to automate complex business process
Restricts data visibility at the individual record level based on roles or custom dimensions.
Atlas is a SQL database schema management tool and database infrastructure as code framework. It provides a declarative database migration engine that computes the difference between a desired schema state and the current database state to automatically generate the necessary SQL for transitions. The project distinguishes itself through a comprehensive suite of analysis and visualization tools, including a database schema linter that detects destructive changes and data loss risks. It also features a SQL schema visualization tool capable of generating entity-relationship diagrams from extract
Defines security policies that restrict data access by filtering individual rows based on user roles.
Flecs is a high-performance entity component system framework and data-oriented programming library. It serves as a simulation engine core and game engine architecture tool, decoupling state from behavior by separating entities, components, and systems. The framework features a runtime reflection layer for dynamic data inspection and a built-in scripting system for defining entity behavior without recompilation. It also includes a network interface and REST API for remote simulation administration and state querying. The library covers a broad surface of simulation capabilities, including ar
Implements locking for data tables to prevent race conditions during concurrent multi-threaded operations.
This project is a Next.js SaaS starter kit and billing boilerplate designed for building subscription-based software services. It provides a pre-configured foundation that integrates a PostgreSQL database schema with Stripe to manage recurring billing, tiered pricing models, and customer payment portals. The implementation features a synchronization system that uses webhooks to mirror external product data and subscription states into a local relational database. It includes an authentication layer that links external identity providers to user accounts and manages secure session tracking. T
Employs row-level security at the database engine level to ensure users only access their own data.
This project is a Chinese translation and educational resource focused on the internal workings of the Linux kernel. It provides a curated collection of technical content designed for studying low-level operating system mechanisms and kernel development. The project utilizes a specialized localization workflow where translations are maintained in a forked repository. It employs a patch-based model and Git-driven synchronization to align Chinese translations with the original English source files through differential merge processes. The technical scope covers core operating system internals,
Describes the use of kernel-specific locking primitives such as spinlocks, mutexes, and read-copy-update mechanisms.
Realtime is a real-time data distribution and synchronization engine that enables applications to stream database changes and coordinate state between clients. It functions as a synchronization layer that monitors database write-ahead logs to provide change data capture and pushes updates to authorized clients via WebSockets. The project features a real-time presence server for tracking the online status of active users and a broadcast service for sending ephemeral messages without database persistence. It organizes communication through channel-based message routing and uses a structured JSO
Enforces data access controls by mapping client identities to database security policies during the streaming process.
Hazelcast is a distributed data platform that combines an in-memory data grid with a stream processing engine to support real-time analytics and event-driven applications. It functions as a partitioned, distributed key-value store that replicates data across cluster nodes to provide low-latency access and high availability. The platform also serves as a distributed SQL query engine, allowing users to execute standard SQL statements against both in-memory datasets and external data sources. What distinguishes Hazelcast is its use of a distributed consensus subsystem to maintain strongly consis
Provides exclusive locks, semaphores, and countdown latches to synchronize threads and control access to shared resources.
Serial Studio is a desktop application for connecting to, decoding, visualizing, and recording data from hardware devices over multiple communication protocols. It functions as an embedded device debugging toolkit that ingests live data from Serial, Bluetooth, CAN, Modbus, MQTT, and network sockets into a unified dashboard, while also serving as a programmatic automation platform with over 320 commands exposed over TCP, gRPC, and MCP for external control. The application distinguishes itself through a scriptable frame pipeline that routes incoming bytes through configurable detection, decodin
Locks a project file to show a read-only dashboard, disabling connection control and device writes for production use.
Places a note into read-only mode to prevent accidental edits or deletion until it is manually unlocked.
Hibernate ORM ist ein Java-Object-Relational-Mapper und eine vollständige Implementierung der Jakarta Persistence API. Es dient als SQL-Datenbank-Abstraktionsschicht, die Java-Objektmodelle in relationale Datenbankschemata übersetzt, um Datenpersistenz und Lebenszyklen zu verwalten. Das Framework zeichnet sich durch ein Multi-Tenant-Datenisolations-Framework zur Trennung von Kundendaten innerhalb einer einzigen Datenbankinstanz aus. Es verfügt zudem über einen Datenbankschema-Generator, der automatisch relationale Strukturen basierend auf Entity-Mappings erstellt und aktualisiert. Das System deckt breite Funktionsbereiche ab, darunter Transaktionsmanagement, Concurrency-Locking-Kontrolle und temporale Datenverfolgung für Audit-Logging. Es bietet Tools zur Optimierung des Datenabrufs durch Entity-Graph-Strategien und unterstützt fortgeschrittene Datentypen wie Vektordaten und nationalisierte Zeichen. Das Projekt enthält eine umfassende Suite von Test-Utilities für die Persistenzschicht, einschließlich Datenbank-Dialekt-Filterung und Compliance-Tests für Spezifikationen.
Provides capabilities to restrict access to individual data records based on user identity or permissions.
This project is a reference implementation of Domain-Driven Design, Clean Architecture, and Command Query Responsibility Segregation (CQRS) patterns using the Go programming language. It serves as a sample application to demonstrate how to decouple core domain rules from infrastructure and delivery mechanisms. The system is built as a gRPC microservices architecture, utilizing type-safe communication and service contracts. It implements an event-driven architecture to manage eventual consistency and asynchronous processing, specifically employing the Outbox pattern to ensure reliable messagin
Prevents data conflicts using optimistic locking with version numbers to ensure consistent record modifications.
Bookshelf is a JavaScript ORM for Node.js that provides a structured way to define and interact with database models. It centers on a model-driven approach where developers register models, define their relations, and manage data persistence through a consistent interface. The library distinguishes itself through its comprehensive handling of model relationships and data transformations. It supports defining one-to-one, one-to-many, many-to-many, and polymorphic associations, with the ability to eager load related models in a single query to avoid performance pitfalls. Bookshelf also automate
Applies row-level locks (for update or for share) when fetching inside a transaction.