Skip to main content

7. Conclusion

Congratulations! You have built a secure, enterprise-grade ERP backend using django-rls.

What We Achieved

  1. Strict Isolation: Enforced by the database, impossible to bypass in views.
  2. Complex Hierarchy: Solved cleanly with SQL Recursive CTEs.
  3. Dynamic Access: Solved with Context Processors (Auditors).
  4. Granular Control: Solved with ACL lookups.

Key Takeaways

  • Logic in Database: By moving security logic to the model definition, your views become simpler and your app becomes more secure by default.
  • Permissive Composition: Policies are combined with OR. This allows you to layer rules (Dept Rule OR Auditor Rule OR ACL Rule).
  • Performance: Subqueries and CTEs are generally very efficient in PostgreSQL, often more so than complex Python-side filtering + multiple round trips.

Next Steps

  • Check out the API Reference for all ModelPolicy options.
  • Explore Multi-Tenancy Guide for more isolation patterns.
  • Deploy to production! (Remember to run python manage.py enable_rls in your deployment pipeline).