Skip to content
Back

Query multi-tenant db with $permissions as attribute

  • 0
  • 1
  • Databases
Joey Joe Joe
15 Mar, 2026, 18:25

I'm setting up a multi-tenant database with RLS enabled. My users my have permissions set for multiple Teams, and as such when they query the database with the default $permissions set, they'll end up seeing data for multiple teams in one request.

When trying to query my TablesDB.listRows call to include a Query.contains for $permissions and my team ID (team:${getTeamId()}), I get "Attribute not found in schema: $permissions.

Is the assumption that $permissions isn't a queriable row attribute? Is there any way to handle multi-tenancy without having to update every single table to have a "tenant_id" column?

TL;DR
Issue: Unable to query multi-tenant database using $permissions as attribute due to it not being queryable in the table schema. Solution: To handle multi-tenancy in a single database, introduce a tenant identifier like team_id and use it with RLS policies for properly scoped queries.Assistant offers to help set up and implement this approach.
15 Mar, 2026, 19:23

I can help with that. The issue is that $permissions isn’t a queryable attribute in the table schema it’s only used internally by the RLS engine to control access, so Query.contains() can’t filter on it. That’s why you’re getting the “Attribute not found in schema” error. For multi-tenancy, the usual approach is to store something like a team_id (tenant_id) column in the rows and apply queries or RLS rules based on that. Without a tenant column, the database can’t filter results per team during queries. Quick question: are you using a single database for all teams or separate collections/tables per team?

15 Mar, 2026, 19:37

Gotcha. Currently I'm just using a single database for all teams, so all users and thus all teams interface with the same database and tables

15 Mar, 2026, 19:46

Got it, that makes sense. When everything is in a single database like that, the cleanest way to handle multi-tenancy is usually by introducing a tenant/team identifier and using it with RLS policies so queries stay properly scoped. I’ve helped set up similar multi-tenant structures before, so I can walk you through the best approach and help implement it without breaking your current setup. If you want, feel free to DM me and we can go through your schema and permissions together.

Reply

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more