Server-side permission
Hello,
I built a REST API server for more complex queries that requires some validation.
My users, thanks to RSL, can do READONLY directly on the supabase.
Now, my server, I would like to make it do some update operations.
Do I have to use the secret service_role on my server to make these requests?
Or, is there a way to secure (instead of giving all rights everywhere...) the permissions of my server on the database? (For example, an API_KEY that is linked to another role for which I can apply other RSL?)
Thanks for helping
I built a REST API server for more complex queries that requires some validation.
My users, thanks to RSL, can do READONLY directly on the supabase.
Now, my server, I would like to make it do some update operations.
Do I have to use the secret service_role on my server to make these requests?
Or, is there a way to secure (instead of giving all rights everywhere...) the permissions of my server on the database? (For example, an API_KEY that is linked to another role for which I can apply other RSL?)
Thanks for helping
