Row Level Security

Protect your Supabase database from unwanted and unauthorized access.


One of, if not THE most important part of setting up a Supabase database is Row Level Security. If you do not enable this, everyone will be able to update your database if they have your project url and anon public key.

Row Level Security

Row Level Security — the name says it all, is a security measure for your database & tables. Based on the RLS (Row Level Security) setup of your table, you can protect and guide access to this table. For instance, you will be able to define that only 'Authenticated' users can query a table.

Team based Row Level Security

In Supabase, there is a User Management starter. This option is nice if you want to implement a single user/entity application, but doesn't cut it when you want to create teams and team members. That is why Row Level Security is also more difficult to set up.

Imagine a project where you can say for one user if they can access it. You can define this based on their ID. If you do the same exercise for a team, you must check both ID and Team ID. I can talk for ages regarding Row Level Security setup. Which is why we have made a query for it!

Adding Row Level Security to Supabase

  1. Open Supabase
  2. Log in to your project
  3. Open the SQL Editor
  4. Then select + New query Create a new Supabase SQL query
  5. Select New blank query
  6. Open the Untitled query dropdown
  7. Select Rename query Rename the query
  8. Enter the name of the text document: 3. Create Row Level Security for Tables
  9. Paste the SQL statement of the text document in the Text Editor Enter the code into the Supabase SQL editor

This part is different from the previous two pages. Unfortunately we are not able to run the code all at once. Meaning we have to repeat the code below until we have completed the complete statement.

  1. Select a single query Supabase select a single query for supaboost
  2. Then select Run CTRL or press CTRL + Enter
  3. If everything went well you should see the result Success. No rows returned
  4. Continue step 10 until all queries are finished

Check Policies

Make sure that all initial policies for Row Level Security are created:

  • Company: 3
  • Company_info: 1
  • Members: 1
  • Todos: 3
  • User: 2
  • User_info: 1
  • User_roles: 2

On top of that, make sure that all tables have Row Level Security enabled.

check row level security for supaboost