« All posts

01.29.2022 - Supabase / Row Level Security with application user

In Postgres, tables can have Row Level Security that restrict the user’s action on each row.

With Supabase, we can create a policy that matched the current logged in user, this user is from the application level, not the database user:

create policy "Users can update their own profiles."
  on profiles for update using (
    auth.uid() = id
  );

The auth.uid() here is just a Postgres function provided by Supabase to extract the application’s current user. See its implementation here: supabase/auth-schema.sql#Line 77-78.

What’s next?

Read more