Show HN: ZenStack – DSL to define data and access rules closer to the database

Y	Hacker News new \| ask \| show \| jobs

	Show HN: ZenStack – DSL to define data and access rules closer to the database (github.com)
	19 points by jiashenggo 997 days ago
	We're excited to announce the launch of ZenStack V1 after a year of refinement. With ZenStack, we introduce ZModel, a domain-specific language (DSL) that simplifies the definition of data and access rules, bringing it closer to the database level. This eliminates the need for extensive, repetitive coding on the application side. We would love to hear your feedback and opinions on it. Thank you!

3 comments

marvin999 997 days ago

Interesting. My initial feeling is this is weird - acl in ORM. But it kinda makes sense with a second thought. Rules are closer to the source of the problem (schema). It can probably remove lots of headaches securing things at an upper layer. Not sure how well this scales when you have tons of rule though.

Is there any plan for Drizzle support?

link

jiashenggo 997 days ago

Thank you for the recognition. We have some production users who have hundreds of policy rules. While they mentioned that having visual tools for new users to quickly understand the policy would be beneficial, overall it is functioning well. They state that it is more transparent and efficient compared to the traditional approach.

The current approach relies on schema and code generation, which is not possible in Drizzle. We could have used decorators and string literals to achieve this, but that would negatively impact the developer experience. Therefore, at least for now it's not in our plan.

link

ThatDumbGirl 997 days ago

I have the same thought on this as we are on Drizzle too

link

rco8786 997 days ago

> It supercharges Prisma ORM with a powerful access control layer and unleashes its full potential for full-stack development.

I’m sure this is a cool project (and I’m gonna dig in a bit more) but…come on. Let’s tone it down a bit.

edit

Ok dig in a bit more. Seems interesting. Is it fair to say this could be a self hosted alternative to supabase? The way that it uses row level security policies to enable querying the db directly from the client seems 1:1 with this, but with the additional benefit of getting to use Prisma.

link

ymc9 997 days ago

Hi, I'm the co-creator of this toolkit. Yes, in many ways ZenStack can be considered as an alternative to Supabase. The main differences are:

- At runtime, it's a library that runs inside your current framework (Next.js, Express, etc.), so no extra hosting is needed.

- It doesn't embed a database. You bring your own - any DB supported by Prisma.

One thing that goes beyond Supabase/PostgresRLS is that it supports column-level security as well. You can write rules to control CRUD permissions at the field level. This provides a much finer-grained control granularity.

And, yes, the DX of Prisma is a very good thing to have :D.

link

rco8786 994 days ago

Very cool. Thanks for following up!

link

simonxxxx 997 days ago

Wow! Really excited to see the V1 release!

link