SupabaseS
Supabase4y ago
juanvilladev

RLS and auth.uid()

Hey guys, I'm trying to figure out the following please:

When I enable the following policy for a table (security_group_assignment) on SELECT,
(auth.uid() = profile_id)


When I select data from that table and include a column from another table such as:
SELECT security_group.name, security_group_assignment.id, security_group_assignment.profile_id
FROM security_group_assignment JOIN security_group
ON security_group.id = security_group_assignment.security_group_id
WHERE security_group.name = 'variablename'


I would expect to ONLY get back the rows that match the security_group.name AND match the calling users UID with the profile_id.

However, even when the name doesn't match, I get back a row with the following data?
{
id: 2
profile_id: "28fsd-0a9a-Pfadsf-98dc-1490b9725a80"
security_group: null


If the security_group is null, why is it even returning that row?? I would expect this to return no rows.

Here is the supabase client call:
  const { data, error } = await supabase
    .from("security_group_assignment")
    .select(`security_group ( name ), id, profile_id`)
    .eq("security_group.name", securityGroupName);
Was this page helpful?