diff --git a/postgrest.cabal b/postgrest.cabal
--- a/postgrest.cabal
+++ b/postgrest.cabal
@@ -2,7 +2,7 @@
 description:           Reads the schema of a PostgreSQL database and creates RESTful routes
                        for the tables and views, supporting all HTTP verbs that security
                        permits.
-version:               0.2.9.1
+version:               0.2.10.0
 synopsis:              REST API for any Postgres database
 license:               MIT
 license-file:          LICENSE
diff --git a/src/PostgREST/App.hs b/src/PostgREST/App.hs
--- a/src/PostgREST/App.hs
+++ b/src/PostgREST/App.hs
@@ -120,9 +120,9 @@
               login <- signInRole (cs $ userId u)
                               (cs $ userPass u)
               case login of
-                LoginSuccess role ->
+                LoginSuccess role uid ->
                   return $ responseLBS status201 [ jsonH ] $
-                    encode . object $ [("token", String $ tokenJWT jwtSecret (cs $ userId u) role)]
+                    encode . object $ [("token", String $ tokenJWT jwtSecret uid role)]
                 _  -> return $ responseLBS status401 [jsonH] $
                   encode . object $ [("message", String "Failed authentication.")]
 
diff --git a/src/PostgREST/Auth.hs b/src/PostgREST/Auth.hs
--- a/src/PostgREST/Auth.hs
+++ b/src/PostgREST/Auth.hs
@@ -40,12 +40,13 @@
     , "role" .= userRole u ]
 
 type DbRole = Text
+type UserId = Text
 
 data LoginAttempt =
     NoCredentials
   | MalformedAuth
   | LoginFailed
-  | LoginSuccess DbRole
+  | LoginSuccess DbRole UserId
   deriving (Eq, Show)
 
 checkPass :: Text -> Text -> Bool
@@ -57,6 +58,15 @@
 resetRole :: H.Tx P.Postgres s ()
 resetRole = H.unitEx [H.stmt|reset role|]
 
+setUserId :: Text -> H.Tx P.Postgres s ()
+setUserId uid = if uid /= "" then
+  H.unitEx $ B.Stmt ("set user_vars.user_id = " <> cs (pgFmtLit uid)) V.empty True
+else
+  resetUserId
+
+resetUserId :: H.Tx P.Postgres s ()
+resetUserId = H.unitEx [H.stmt|reset user_vars.user_id|]
+
 addUser :: Text -> Text -> Text -> H.Tx P.Postgres s ()
 addUser identity pass role = do
   let Just hashed = unsafePerformIO $ hashPasswordUsingPolicy fastBcryptHashingPolicy (cs pass)
@@ -66,20 +76,23 @@
 
 signInRole :: Text -> Text -> H.Tx P.Postgres s LoginAttempt
 signInRole user pass = do
-  u <- H.maybeEx $ [H.stmt|select pass, rolname from postgrest.auth where id = ?|] user
+  u <- H.maybeEx $ [H.stmt|select id, pass, rolname from postgrest.auth where id = ?|] user
   return $ maybe LoginFailed (\r ->
-      let (hashed, role) = r in
+      let (uid, hashed, role) = r in
       if checkPass hashed pass
-         then LoginSuccess role
+         then LoginSuccess role uid
          else LoginFailed
     ) u
 
 signInWithJWT :: Text -> Text -> LoginAttempt
 signInWithJWT secret input = case maybeRole of
-    Just (Just (String role)) -> LoginSuccess $ cs role
+    Just (Just (String role)) -> case maybeUserId of
+      Just (Just (String uid)) -> LoginSuccess (cs role) (cs uid)
+      _   -> LoginFailed
     _   -> LoginFailed
   where 
     maybeRole = (Data.Map.lookup "role" <$> claims) ::Maybe (Maybe Value)
+    maybeUserId = (Data.Map.lookup "id" <$> claims) ::Maybe (Maybe Value)
     claims = JWT.unregisteredClaims <$> JWT.claims <$> decoded
     decoded = JWT.decodeAndVerifySignature (JWT.secret secret) input
     
diff --git a/src/PostgREST/Middleware.hs b/src/PostgREST/Middleware.hs
--- a/src/PostgREST/Middleware.hs
+++ b/src/PostgREST/Middleware.hs
@@ -20,7 +20,7 @@
 import Network.URI (URI(..), parseURI)
 
 import PostgREST.Config (AppConfig(..))
-import PostgREST.Auth (LoginAttempt(..), signInRole, signInWithJWT, setRole, resetRole)
+import PostgREST.Auth (LoginAttempt(..), signInRole, signInWithJWT, setRole, resetRole, setUserId, resetUserId)
 import Codec.Binary.Base64.String (decode)
 
 import Prelude
@@ -35,8 +35,8 @@
       return $ responseLBS status400 [] "Malformed basic auth header"
     LoginFailed ->
       return $ responseLBS status401 [] "Invalid username or password"
-    LoginSuccess role -> if role /= currentRole then runInRole role else app req
-    NoCredentials ->     if anon /= currentRole then runInRole anon else app req
+    LoginSuccess role uid -> if role /= currentRole then runInRole role uid else app req
+    NoCredentials         -> if anon /= currentRole then runInRole anon "" else app req
 
  where
    jwtSecret = cs $ configJwtSecret conf
@@ -54,11 +54,13 @@
         return $ signInWithJWT jwtSecret jwt
       _ -> return NoCredentials
 
-   runInRole :: Text -> H.Tx P.Postgres s Response
-   runInRole r = do
+   runInRole :: Text -> Text -> H.Tx P.Postgres s Response
+   runInRole r uid = do
+     setUserId uid
      setRole r
      res <- app req
      resetRole
+     resetUserId
      return res
 
 
diff --git a/src/PostgREST/PgQuery.hs b/src/PostgREST/PgQuery.hs
--- a/src/PostgREST/PgQuery.hs
+++ b/src/PostgREST/PgQuery.hs
@@ -175,6 +175,7 @@
             "like" -> unknownLiteral $ T.map star value
             "ilike" -> unknownLiteral $ T.map star value
             "in" -> "(" <> T.intercalate ", " (map unknownLiteral $ T.split (==',') value) <> ") "
+            "@@" -> "to_tsquery(" <> unknownLiteral value <> ") "
             _    -> unknownLiteral value
 
     op = case opCode of
@@ -189,6 +190,7 @@
          "in"  -> "in"
          "is"    -> "is"
          "isnot" -> "is not"
+         "@@" -> "@@"
          _     -> "="
 
 orderParse :: Net.Query -> [OrderTerm]
