# BetweenRows

> Documentation

A fully customizable data access governance layer — install, configure, and operate the SQL-aware proxy that enforces fine-grained access policies in real-time.

## Table of Contents

### Start

- [Introduction](/start/introduction.md): BetweenRows is a fully customizable data access governance layer — a SQL-aware proxy that enforces fine-grained access policies across your databases, warehouses, and lakehouses.
- [Quickstart](/start/quickstart.md): Install BetweenRows, connect a data source, write a policy, and verify it — in under 15 minutes.
- [Demo Schema](/reference/demo-schema.md): The canonical demo_ecommerce schema used in all guides — tables, columns, sample data, personas, and setup instructions.

### Concepts

- [Architecture](/concepts/architecture.md): How BetweenRows is structured — the two-plane design, request lifecycle, and trust boundaries between the admin and data planes.
- [Policy Model](/concepts/policy-model.md): The philosophy behind BetweenRows — zero-trust defaults, deny-wins, visibility-follows-access, and how policies compose.
- [Security Overview](/concepts/security-overview.md): For security and compliance reviewers — what BetweenRows is designed to protect against, what it is not, trust boundaries, and the deployment checklist.
- [Threat Model](/concepts/threat-model.md): Known attack vectors, their defenses, and the tests that verify each defense holds.
- [Known Limitations](/operations/known-limitations.md): Current limitations, security trade-offs, and production caveats — what BetweenRows does not do, what it does oddly, and what to avoid in production.
- [Glossary](/reference/glossary.md): Standardized terminology for BetweenRows — user attributes, template variables, policy types, access modes, and other key terms.

### Features

- [Data Sources](/guides/data-sources.md): Add, configure, and manage PostgreSQL data sources — connection settings, catalog discovery, access modes, credentials, drift, and operational tips.
- [Users & Roles](/guides/users-roles.md): Create users, define roles, configure inheritance hierarchies, and manage data source access with RBAC.
- [User Attributes (ABAC)](/guides/attributes.md): Define custom attributes, assign values to users, and use them in policy expressions for attribute-based access control.
- [Policies](/guides/policies.md): The policy system — five types, how they compose, structural shape, validation rules, and when to use which.
- [Audit & Debugging](/guides/audit-debugging.md): Use the query and admin audit logs to debug policy behavior, trace rewritten SQL, and investigate access decisions.

#### Policies

- [Template Expressions](/reference/template-expressions.md): Reference for variables in row_filter and column_mask expressions — built-in fields, custom attributes, supported SQL syntax, and NULL semantics.
- [Decision Functions](/guides/decision-functions.md): Write JavaScript decision functions to conditionally gate policy enforcement — context modes, error handling, and the test harness.

##### Policy Types

- [Row Filters](/guides/policies/row-filters.md): Write row_filter policies to restrict which rows each user can see, with template variables and composition patterns.
- [Column Masks](/guides/policies/column-masks.md): Write column_mask policies to redact sensitive column values — SSN masking, email redaction, and role-conditional patterns.
- [Column Allow & Deny](/guides/policies/column-allow-deny.md): Use column_allow and column_deny policies to control which columns are visible, with glob patterns and access mode interaction.
- [Table Deny](/guides/policies/table-deny.md): Use table_deny policies to make entire tables invisible to specific users or roles.

### Guides

- [Upgrading](/operations/upgrading.md): Safely upgrade BetweenRows between versions — pin the tag, back up /data, read the changelog, swap the image, verify.
- [Backups](/operations/backups.md): What lives in /data, how to snapshot it safely, and how to export policies independently as belt-and-suspenders recovery.
- [Troubleshooting](/operations/troubleshooting.md): Common BetweenRows issues and how to diagnose them — connection failures, policy not matching, client compatibility, WASM errors.
- [Rename Safety](/operations/rename-safety.md): What breaks when you rename a data source or schema alias, what doesn't, and the safe rename procedure.
- [Recipes](/guides/recipes.md): Applied patterns that combine BetweenRows features to solve common real-world access control problems.

#### Deployment

- [Install with Docker](/installation/docker.md): Run BetweenRows as a Docker container on a single host. Covers the minimum invocation, the full environment variable reference, and volume setup.
- [Install on Fly.io](/installation/fly.md): Deploy BetweenRows to Fly.io with a persistent volume, explicit secrets, and IPv6/IPv4 client connectivity.
- [Install from Source](/installation/from-source.md): Build BetweenRows from source for development, contributions, or unpackaged platforms.
- [Configuration](/reference/configuration.md): Every BetweenRows environment variable, default, and note. Used by the Docker image, Fly.io deployments, and source builds alike.

#### Recipes

- [Multi-Tenant Isolation with Attributes](/guides/recipes/multi-tenant-isolation.md): The flagship BetweenRows use case — one row_filter policy, an arbitrary number of tenants, driven by user attributes.
- [Per-User Exceptions to Role-Level Denies](/guides/recipes/deny-exceptions.md): Grant a single user in a role access to a column that's denied for the rest of the role, without weakening the deny-wins invariant.

### About

- [Roadmap](/about/roadmap.md): What's shipped, what's in progress, and what's planned for BetweenRows. Not a commitment — a window into where the project is heading.
- [Report an Issue](/about/report-an-issue.md): How to report bugs, request features, and disclose security vulnerabilities for BetweenRows. Security problems must go through the private vulnerability reporting form, not public issues.