01.29.2022 - Supabase/Row Level Security with application user

All posts

Posted On 01.29.2022

In Postgres, tables can have Row Level Security that restrict the user’s action on each row.

With Supabase, we can create a policy that matched the current logged in user, this user is from the application level, not the database user:

create policy "Users can update their own profiles."
  on profiles for update using (
    auth.uid() = id
  );

The auth.uid() here is just a Postgres function provided by Supabase to extract the application’s current user. See its implementation here: supabase/auth-schema.sql#Line 77-78.

What’s next?