From 5eda80d5f0dc4232c1affdda6aada6cc0ca3160d Mon Sep 17 00:00:00 2001 From: Mateo Date: Fri, 13 Sep 2024 03:10:37 +0200 Subject: [PATCH] docs(supabase): add warning section for RLS (#229) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * docs(supabase): add warning section for RLS * docs(supabase): add warning reasons about RLS * docs(supabase): add link to RLS Co-authored-by: Thor 雷神 Schaeff <5748289+thorwebdev@users.noreply.github.com> --------- Co-authored-by: Thor 雷神 Schaeff <5748289+thorwebdev@users.noreply.github.com> --- packages/supabase/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/packages/supabase/README.md b/packages/supabase/README.md index 4852ee81..ff7d0959 100644 --- a/packages/supabase/README.md +++ b/packages/supabase/README.md @@ -94,3 +94,11 @@ create trigger handle_updated_at before update on YOUR_TABLE_NAME create trigger handle_updated_at before update on YOUR_TABLE_NAME for each row execute procedure moddatetime (updated_at); ``` + + +## Notes (WARNING) + +Using the `anon public` key will lead to unexpected behaviour since [RLS (Row Level Security)](https://supabase.com/docs/guides/database/postgres/row-level-security) is enabled by default when creating the table, and will lock writing unless explicit permissions. +When RLS is enabled without configuration, a [default-deny policy](https://www.postgresql.org/docs/current/ddl-rowsecurity.html#DDL-ROWSECURITY:~:text=If%20no%20policy%20exists%20for%20the%20table%2C%20a%20default%2Ddeny%20policy%20is%20used%2C%20meaning%20that%20no%20rows%20are%20visible%20or%20can%20be%20modified) is used. + +You can use `service_role` secret, but be aware that this will **bypass** RLS.
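Review bot: The last added line, "You can use `service_role` secret, but be aware that this will **bypass** RLS.", offers the `service_role` key as a workaround without saying where it is safe to use it. Because that key bypasses RLS, it gives its holder unrestricted access to every row, so the note should state that it belongs only in trusted server-side code and must never be shipped to a browser or other client. It should also present writing explicit RLS policies for the `anon public` key as the preferred fix, with the linked RLS guide as the pointer. Separately, in the first added paragraph, "will lock writing unless explicit permissions" is missing a verb and is vague about the mechanism; something like "will block writes unless explicit policies are defined" reads more clearly and matches the default-deny sentence that follows. The two consecutive blank `+` lines before the `## Notes (WARNING)` heading can be reduced to one.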