A full-stack system demonstrating Role-Based Access Control (RBAC) and Row-Level Security (RLS) using PostgreSQL, FastAPI, and a custom frontend.
- Role-Based Access Control (RBAC)
- Row-Level Security (RLS / VPD simulation)
- JWT Authentication
- Department-based data isolation
- Location-based access control
- Audit logging (triggers)
- Full-stack integration (Frontend + Backend + DB)
- PostgreSQL
- FastAPI (Python)
- HTML, CSS, JavaScript
- JWT (python-jose)
```
corporate-vpd-system/
│
├── database/
├── backend/
├── frontend/
├── docs/
└── README.md
```
Follow these steps exactly.
```bash
git clone https://github.com/Samyak05/corporate-secure-database-rbac-rls.git
cd corporate-secure-database-rbac-rls
```
```bash
sudo apt update
sudo apt install postgresql postgresql-contrib
sudo -i -u postgres
psql
```
Inside psql:
```sql
\i database/setup.sql
```
```bash
cd backend
# create virtual environment
python3 -m venv .venv
source .venv/bin/activate
# install dependencies
pip install -r requirements.txt
```
Create environment file:
```bash
cp .env.example .env
```
Edit .env:
```ini
DB_HOST=localhost
DB_PORT=5432
DB_NAME=corporate_db
SECRET_KEY=supersecretkey
ALGORITHM=HS256
```
Run backend:
```bash
uvicorn app.main:app --reload
```
```bash
cd frontend/src
```
Open `index.html` in a browser.
Open browser:
http://127.0.0.1:8000/docs
Try:
- /login
- /employees
- /employees/update-salary
| Role | Username | Password |
|---|---|---|
| HR | hr1 | hrpass |
| Manager | manager1 | managerpass |
| Employee | Alice | emppass |
| Auditor | auditor1 | auditpass |
- Database-level security enforcement (RLS)
- Context-aware access control
- Separation of duties (Auditor role)
- Secure backend integration
- Real-world full-stack architecture
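The following is an added illustration of how the concepts above map onto PostgreSQL; it is not the project's own `database/setup.sql`, and the table, column, policy and setting names (`employees`, `salary_audit`, `app.role`, `app.department`, `app.username`) are assumptions. The backend is assumed to connect as a non-superuser role without `BYPASSRLS` and to set the session variables from the validated JWT claims inside each request's transaction.

```sql
-- Constructed example, not the project's setup.sql. Minimal schema with
-- department-based RLS driven by per-transaction settings derived from the JWT.
CREATE TABLE employees (
    id serial PRIMARY KEY, username text NOT NULL,
    department text NOT NULL, salary numeric(12,2) NOT NULL
);
-- Audit table written only by the trigger below (separation of duties).
CREATE TABLE salary_audit (
    id serial PRIMARY KEY, employee_id int,
    old_salary numeric(12,2), new_salary numeric(12,2),
    changed_by text, changed_at timestamptz DEFAULT now()
);
CREATE OR REPLACE FUNCTION log_salary_change() RETURNS trigger AS $$
BEGIN
    IF NEW.salary IS DISTINCT FROM OLD.salary THEN
        INSERT INTO salary_audit (employee_id, old_salary, new_salary, changed_by)
        VALUES (OLD.id, OLD.salary, NEW.salary, current_setting('app.username', true));
    END IF;
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;
CREATE TRIGGER employees_salary_audit
    AFTER UPDATE ON employees FOR EACH ROW EXECUTE FUNCTION log_salary_change();

-- Enable RLS; FORCE makes it apply to the table owner as well.
ALTER TABLE employees ENABLE ROW LEVEL SECURITY;
ALTER TABLE employees FORCE ROW LEVEL SECURITY;

-- Read policy: HR and Auditor see all rows, a Manager sees only their
-- department, an Employee sees only their own row. current_setting(..., true)
-- returns NULL when unset, so an unauthenticated session sees nothing.
CREATE POLICY dept_isolation ON employees FOR SELECT USING (
    current_setting('app.role', true) IN ('HR', 'Auditor')
    OR department = current_setting('app.department', true)
    OR username = current_setting('app.username', true)
);
-- Write policy: only HR may update salaries; Auditor stays read-only.
CREATE POLICY hr_update ON employees FOR UPDATE
    USING (current_setting('app.role', true) = 'HR');

-- What the backend runs per request after verifying the JWT. SET LOCAL
-- scopes the context to this transaction, so pooled connections do not leak it.
BEGIN;
SET LOCAL app.role = 'Manager';
SET LOCAL app.department = 'Engineering';
SET LOCAL app.username = 'manager1';
SELECT id, username, salary FROM employees;  -- returns Engineering rows only
COMMIT;
```

Because the policies reference session settings rather than the connecting database role, the same connection can serve every user while the database, not the API handler, decides which rows are visible.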
- This is an academic/demo project
- Do not use hardcoded credentials in production
Samyak Gedam