docs(supabase): add warning section for RLS (#229)

* docs(supabase): add warning section for RLS * docs(supabase): add warning reasons about RLS * docs(supabase): add link to RLS Co-authored-by: Thor 雷神 Schaeff <[email protected]> --------- Co-authored-by: Thor 雷神 Schaeff <[email protected]>
grammyjs · Sep 13, 2024 · 5eda80d · 5eda80d
1 parent e65c9a0
commit 5eda80d
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/packages/supabase/README.md b/packages/supabase/README.md
@@ -94,3 +94,11 @@ create trigger handle_updated_at before update on YOUR_TABLE_NAME
 create trigger handle_updated_at before update on YOUR_TABLE_NAME
   for each row execute procedure moddatetime (updated_at);
 ```
+
+
+## Notes (WARNING)
+
+Using the `anon public` key will lead to unexpected behaviour since [RLS (Row Level Security)](https://supabase.com/docs/guides/database/postgres/row-level-security) is enabled by default when creating the table, and will lock writing unless explicit permissions.  
+When RLS is enabled without configuration, a [default-deny policy](https://www.postgresql.org/docs/current/ddl-rowsecurity.html#DDL-ROWSECURITY:~:text=If%20no%20policy%20exists%20for%20the%20table%2C%20a%20default%2Ddeny%20policy%20is%20used%2C%20meaning%20that%20no%20rows%20are%20visible%20or%20can%20be%20modified) is used.
+
+You can use `service_role` secret, but be aware that this will **bypass** RLS.