Supabase RLS Patterns (the 5 that cover 90%)
Row-Level Security patterns: owner-only, public-read, admin, role-based, org-scoped
1. Owner-only
2. Public-read, owner-write
3. Admin bypass
4. Role-based (membership in a table)
5. Organization-scoped (single role)
RLS pitfalls (read this before deploying)
Quick policy review checklist
# Supabase RLS Patterns (the 5 that cover 90%)

Postgres Row-Level Security on Supabase, in patterns. Each one shows the schema assumption, the policy, and when to use it.

All examples assume `auth.uid()` returns the current user's UUID (Supabase default).

## 1. Owner-only

**The most common pattern.** A row has an owner; only the owner can read or write.

```sql
create table notes (
  id uuid primary key default gen_random_uuid(),
  user_id uuid not null references auth.users(id) on delete cascade,
  body text not null,
  created_at timestamptz not null default now()
);

alter table notes enable row level security;

create policy "owners read their notes" on notes
  for select using (user_id = auth.uid());

create policy "owners write their notes" on notes
  for insert with check (user_id = auth.uid());

create policy "owners update their notes" on notes
  for update using (user_id = auth.uid()) with check (user_id = auth.uid());

create policy "owners delete their notes" on notes for delete using…
```
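One way to check that the owner-only select, insert and update policies on `notes` actually isolate users, written as an added example that is not part of the original page. It impersonates one user the way the API layer does and asserts that another user's row cannot be read, modified, forged or reassigned. Assumptions: the session runs as the owner of `notes`, Supabase's `authenticated` role has table privileges on `notes`, `auth.users` accepts a row with only `id` set, and the two UUIDs are constructed for the test.

```sql
begin;  -- rolled back at the end, nothing persists

-- Constructed users; assumes the other auth.users columns are nullable or defaulted.
insert into auth.users (id) values
  ('00000000-0000-0000-0000-00000000000a'),
  ('00000000-0000-0000-0000-00000000000b');

-- Seed as the table owner, which is not subject to the policies.
insert into notes (user_id, body) values
  ('00000000-0000-0000-0000-00000000000a', 'note of A'),
  ('00000000-0000-0000-0000-00000000000b', 'note of B');

-- Impersonate user A: the API role plus the JWT claims that auth.uid() reads.
set local role authenticated;
select set_config('request.jwt.claims',
  '{"sub":"00000000-0000-0000-0000-00000000000a","role":"authenticated"}', true);

do $$
declare
  user_a constant uuid := '00000000-0000-0000-0000-00000000000a';
  user_b constant uuid := '00000000-0000-0000-0000-00000000000b';
  touched int;
begin
  assert auth.uid() = user_a, 'impersonation did not take effect';
  -- SELECT policy: only A's own row may be visible.
  assert (select count(*) from notes) = 1, 'A can see rows it does not own';
  -- UPDATE policy: USING hides B's row, so the statement must touch nothing.
  update notes set body = 'tampered' where user_id = user_b;
  get diagnostics touched = row_count;
  assert touched = 0, 'A modified a row owned by B';
  -- INSERT policy: WITH CHECK must reject a row that names another owner.
  begin
    insert into notes (user_id, body) values (user_b, 'forged');
    raise exception 'insert with a foreign user_id was accepted';
  exception when insufficient_privilege then
    null;  -- RLS violations are raised as SQLSTATE 42501
  end;
  -- UPDATE WITH CHECK: A must not be able to hand its own row to B.
  begin
    update notes set user_id = user_b where user_id = user_a;
    raise exception 'ownership transfer to another user was accepted';
  exception when insufficient_privilege then
    null;
  end;
end $$;

rollback;
```

If any policy is missing or too permissive, the `do` block aborts with the message of the failed assertion; a silent finish means all four checks passed.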
By @meliwat - License: -