protected-procedure-is-not-row-level-authorization

protectedProcedure in tRPC only verifies that a session token is valid — it does not scope queries to the authenticated user’s data. Without explicit WHERE creatorId = session.userId or role checks in every resolver, any authenticated user can read or mutate any other user’s records. Role fields in the schema (admin/member) must also be enforced in router logic, not just stored.

Related

• trpc-protected-procedure-insufficient-for-resource-authoriza
• auth-gate-alone-does-not-mean-authorization
• schema-level-roles-without-router-enforcement-provides-no-se
• trpc-protected-procedure-is-authn-only-not-authz
• trpc-protected-procedure-is-not-authorization