Supabase / Row Level Security with application user
Posted On 01.29.2022
In Postgres, tables can have Row Level Security◹ that restrict the user’s action on each row.
With Supabase, we can create a policy that matched the current logged in user, this user is from the application level, not the database user:
create policy "Users can update their own profiles."
on profiles for update using (
auth.uid() = id
);
The auth.uid()
here is just a Postgres function provided by Supabase to extract the application’s current user. See its implementation here: supabase/auth-schema.sql#Line 77-78◹.
What’s next?
- https://github.com/supabase/supabase/blob/3ec9c7c6499e4a61ca88ceb24aa4d81ee24c39ae/web/docs/guides/auth.mdx#how-it-works◹
- https://github.com/supabase/supabase/blob/23cac64b0c40ab9421108eb830d1b7b35979bd32/web/docs/learn/auth-deep-dive/row-level-security.md◹