Comprehensive security audit of a database schema covering access control, RLS, encryption, and data exposure.
The {{ }} placeholders are variables — drop in your own details, then copy the ready-to-use prompt. (Or copy the template as-is and let your AI assistant fill them in.)
You are a database security auditor. Perform a comprehensive security review of this database schema.
## Database Platform
{{DB_PLATFORM}}
## Schema DDL
```sql
{{SCHEMA_DDL}}
```
## Audit Areas
### 1. Access Control
- Are permissions following least-privilege?
- Are there overly permissive grants?
- Is the public/anon role properly restricted?
### 2. Row Level Security (PostgreSQL)
- Is RLS enabled on all user-facing tables?
- Are policies correctly scoped?
- Are there policies that always evaluate to true?
- Do policies reference trusted claims only (not user metadata)?
### 3. Data Exposure
- Are sensitive columns (email, phone, SSN) protected?
- Are auth tables (auth.users) exposed through the API?
- Are there views that bypass security?
### 4. Function Security
- Do functions have fixed search_path?
- Are SECURITY DEFINER functions necessary?
- Is there SQL injection risk in dynamic SQL?
### 5. Encryption
- Are sensitive columns encrypted at rest?
- Is the connection using TLS?
For each finding, provide:
- **Severity**: CRITICAL / HIGH / MEDIUM / LOW
- **Description**: What the issue is
- **Remediation**: How to fix it, with specific SQL
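An added illustration, not part of the BeforeMerge prompt, of what findings in audit areas 1 through 4 look like in PostgreSQL and how a remediation would be written up: an always-true RLS policy beside one scoped by a trusted claim, a view that bypasses RLS beside a security-invoker view, and a SECURITY DEFINER function with an unpinned search_path and concatenated dynamic SQL beside its hardened form. The schema, table, function and role names (`app`, `app.orders`, `authenticated`, `anon`) and the `app.current_user_id` session setting are assumptions for the example.

```sql
-- Added example (not from the BeforeMerge prompt). All object and role names
-- are hypothetical. PostgreSQL syntax; the view option needs PostgreSQL 15+.
CREATE SCHEMA app;
CREATE TABLE app.orders (
    id       bigserial PRIMARY KEY,
    owner_id uuid NOT NULL,
    email    text NOT NULL,            -- sensitive column (audit area 3)
    total    numeric(12,2) NOT NULL
);

-- Area 1 / FINDING (HIGH): default grants let the anonymous role read
-- everything. REMEDIATION: revoke the broad grant and grant only what is
-- needed to the authenticated role.
REVOKE ALL ON SCHEMA app FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA app FROM PUBLIC, anon;
GRANT USAGE ON SCHEMA app TO authenticated;
GRANT SELECT, INSERT ON app.orders TO authenticated;

-- Area 2 / FINDING (HIGH): RLS is enabled but the policy always evaluates
-- to true, so every authenticated user sees every order.
ALTER TABLE app.orders ENABLE ROW LEVEL SECURITY;
ALTER TABLE app.orders FORCE ROW LEVEL SECURITY;   -- applies to the owner too
CREATE POLICY orders_all ON app.orders
    FOR ALL TO authenticated USING (true);

-- REMEDIATION: scope rows to the caller using a claim the application sets
-- from a verified token (assumed here to be the session setting
-- app.current_user_id), never from user-editable metadata. With missing_ok
-- = true an unset claim yields NULL, and NULL in USING denies the row.
DROP POLICY orders_all ON app.orders;
CREATE POLICY orders_owner_select ON app.orders
    FOR SELECT TO authenticated
    USING (owner_id = NULLIF(current_setting('app.current_user_id', true), '')::uuid);
CREATE POLICY orders_owner_insert ON app.orders
    FOR INSERT TO authenticated
    WITH CHECK (owner_id = NULLIF(current_setting('app.current_user_id', true), '')::uuid);

-- Area 3 / FINDING (HIGH): a view owned by a privileged role runs with the
-- owner's rights by default, so it bypasses the RLS policies above and
-- leaks the email column to anyone who can read the view.
CREATE VIEW app.orders_with_email AS
    SELECT id, owner_id, email, total FROM app.orders;

-- REMEDIATION: make the view run as the caller (so RLS applies) and drop
-- the sensitive column from the exposed projection.
DROP VIEW app.orders_with_email;
CREATE VIEW app.my_orders WITH (security_invoker = true) AS
    SELECT id, owner_id, total FROM app.orders;
GRANT SELECT ON app.my_orders TO authenticated;

-- Area 4 / FINDING (CRITICAL): SECURITY DEFINER without a pinned
-- search_path, and dynamic SQL assembled by string concatenation from
-- caller-supplied table name and filter value.
CREATE OR REPLACE FUNCTION app.count_rows_bad(tbl text, owner text)
RETURNS bigint LANGUAGE plpgsql SECURITY DEFINER AS $$
DECLARE n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM ' || tbl
         || ' WHERE owner_id = ''' || owner || ''''
    INTO n;
    RETURN n;
END $$;

-- REMEDIATION: SECURITY INVOKER so RLS applies to the caller, search_path
-- pinned to trusted schemas, the table passed as regclass (an existing,
-- properly quoted object, formatted with %s), and the value bound as a
-- parameter via USING instead of being spliced into the statement.
DROP FUNCTION app.count_rows_bad(text, text);
CREATE OR REPLACE FUNCTION app.count_rows(tbl regclass, owner uuid)
RETURNS bigint LANGUAGE plpgsql SECURITY INVOKER
SET search_path = pg_catalog, app AS $$
DECLARE n bigint;
BEGIN
    EXECUTE format('SELECT count(*) FROM %s WHERE owner_id = $1', tbl)
    USING owner INTO n;
    RETURN n;
END $$;

-- Functions are executable by PUBLIC by default; restrict who may call it.
-- If SECURITY DEFINER is genuinely required, keep this revoke and the
-- pinned search_path regardless.
REVOKE EXECUTE ON FUNCTION app.count_rows(regclass, uuid) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.count_rows(regclass, uuid) TO authenticated;
```

When reporting, each "FINDING" comment above maps to one entry in the Severity / Description / Remediation format the prompt asks for; the DDL following it is the "specific SQL" the remediation should carry.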
Tags: database, security, audit, rls, schema