Story: Party isolation RLS policies
This page documents a story in Sprint 16. It captures the goal, current status, acceptance criteria, and the tasks that compose it.
Goal
Add the missing AS RESTRICTIVE party-isolation RLS policies across IAM / refdata / scheduler / trading subtables; close the visibility gap surfaced by validate_schemas.sh.
Status
| Field | Value |
|---|---|
| State | DONE |
| Parent sprint | Sprint 16 |
| Now | Completed 2026-04-09. |
| Waiting on | None. |
| Next | None. |
| Last touched | 2026-04-09 |
Continued from: Party isolation for books, portfolios, trades (sprint 13). Sprint 13 extended party-level RLS to books / portfolios / trades. This sprint closes the remaining gaps surfaced by validate_schemas.sh.
Acceptance
- All tasks complete; PR-by-PR breakdown in git log.
Tasks
| Task | State | Start | End | Description |
|---|---|---|---|---|
| Add missing party isolation RLS policies (initial) | DONE | 2026-05-20 | 2026-04-09 | RLS_002 validation surfaced several tables that have party_id + tenant RLS but lack an AS RESTRICTIVE party policy. Add the policies in the iam / refdata / scheduler RLS files; harden the trading instrument subtables to enable RLS + tenant isolation. |
| SQL: Add missing party isolation RLS policies | DONE | 2026-05-20 | 2026-04-09 | Final landing: missing RLS party isolation policies across IAM, Refdata, Scheduler, Trading modules; party context service in ores.database + ores.testing; validation_ignore.txt updated. |
Decisions
- Final v0 sprint: capture everything landed under v0 honestly; this is the closing chapter of v0.
Out of scope
- Anything explicitly carried forward to v1.
See also
None.