Custom current_user metadata

Continuing the discussion from Is it possible to check if a user has access to a specific application using email and uuid?:

We are currently working in the Cloud but will be moving on prem (hopefully) soon. I have a need to associate metadata with some of my users. Given the thread linked above, can I assume that, once we are on prem, we would have the ability to add metadata to user accounts that could then be accessed using current_user?

Use case: We are building an app that will be a "self service" portal for customers to submit documents, see the status of same, etc. In order to allow this, I need to know which customer the user is associated with so that I can use their "customer code" to run my queries and display their own documents only. At the moment (Cloud) I don't see a clean way to do this but I'm hopeful that it can be accomplished once I have access to the user table.

If there IS a way to do this in the Cloud, I'm all ears, of course! Thanks!

My personal preference is to keep my app user data totally separate from the retool user data and create my own global "user" object for RBAC to features within the app and account access

+1 to @dcartlidge's recommendation! There's a doc here on using row-level security in Retool. Of particular note, there is that you have the ability to prevent variable spoofing in your queries.

With that, you can prevent any references to {{ current_user }} from being spoofed in your queries, meaning you can construct your own metadata table and query it when needed.

Does that seem like it could work?