Row Level Security
Protect your Supabase database.
Row Level Security is one of the most important parts, if not THE most important part, of setting up a Supabase database. If you do not enable it, anyone who has your project URL and anon public key will be able to update your database.
Row Level Security (RLS) is, as the name says, a security measure for your database and tables. Based on the RLS setup of a table, you can protect and guide access to that table. For instance, you can define that only 'Authenticated' users can query a table.
In Supabase, there is a User Management starter. This option is nice if you want to implement a single user/entity application, but doesn't cut it when you want to create teams and team members. That is why Row Level Security is also more difficult to set up.
Imagine a project where you decide per user whether they can access it. You can define this based on their ID. If you do the same exercise for a team, you must check both ID and Team ID. I can talk for ages about Row Level Security setup, which is why we have made a query for it!
- Open Supabase
- Log in to your project
- Open the SQL Editor
- Then select "+ New query" and "New blank query"
- Open the Untitled query dropdown
- Enter the name of the text document: 3. Create Row Level Security for Tables
- Paste the SQL statement of the text document in the Text Editor
This part is different from the previous two pages. Unfortunately, we are not able to run the code all at once. This means we have to repeat the steps below for each query until the complete statement has been run.
- Select a single query
- Then select Run or press CTRL + Enter
- If everything went well you should see the result: Success. No rows returned
- Continue step 10 until all queries are finished
Make sure that all initial policies for Row Level Security are created:
- Company: 3
- Company_info: 1
- Members: 1
- Todos: 3
- User: 2
- User_info: 1
- User_roles: 2
On top of that, make sure that all tables have Row Level Security enabled.
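The checklist above can be verified from the SQL Editor with a single query. This is an added example, not part of the text document this page refers to; it assumes the tables live in the `public` schema under lowercase names (`company`, `company_info`, and so on), so adjust the names if yours differ.

```sql
-- Added example: compares the RLS state of every public table with the
-- policy counts listed in the checklist on this page.
-- Assumption: schema "public" and lowercase table names.
WITH expected (table_name, expected_policies) AS (
  VALUES
    ('company',      3),
    ('company_info', 1),
    ('members',      1),
    ('todos',        3),
    ('user',         2),
    ('user_info',    1),
    ('user_roles',   2)
),
tables AS (
  -- pg_tables.rowsecurity is true when RLS is enabled on the table
  SELECT tablename::text AS table_name, rowsecurity
  FROM pg_tables
  WHERE schemaname = 'public'
),
actual AS (
  -- one row per policy in pg_policies, counted per table
  SELECT tablename::text AS table_name, count(*) AS policy_count
  FROM pg_policies
  WHERE schemaname = 'public'
  GROUP BY tablename
)
SELECT
  COALESCE(t.table_name, e.table_name) AS table_name,
  t.rowsecurity                        AS rls_enabled,
  COALESCE(a.policy_count, 0)          AS policies_found,
  e.expected_policies,
  CASE
    WHEN t.table_name IS NULL            THEN 'table missing'
    WHEN NOT t.rowsecurity               THEN 'RLS disabled'
    WHEN e.expected_policies IS NULL     THEN 'not in checklist'
    WHEN COALESCE(a.policy_count, 0) <> e.expected_policies
                                         THEN 'policy count mismatch'
    ELSE 'ok'
  END AS status
FROM tables t
FULL JOIN expected e ON e.table_name = t.table_name
LEFT JOIN actual a   ON a.table_name = t.table_name
ORDER BY (t.table_name IS NOT NULL AND t.rowsecurity) ASC, table_name;
```

Rows that need attention (missing tables and tables with RLS disabled) sort to the top. A table that has RLS enabled but zero policies denies all access through the API, so a count of 0 on a checklist table means its policies still need to be created.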