what should my policy look like?
hey guys, if i'm using the auth schema that supabase uses for users table, change a specific user's role to 'admin'. The users are signing up through a provider of that adds anything.
what should my policy look like so that only an admin is able to interact with my bucket?
here's what i have and i can't get it to work when i try uploading:
i keep getting the following error when uploading from my page.svelte file:
```
"new row violates row-level security p
```
12 Replies
You can't just change the user role to anything you want. It is used to set up the postgres user role (anon, authenticated and service_role) and those are postgres roles if you look in database roles tab of the dashboard.
I thought we could? I ran a sql update command and it changed the role column on the row I wanted
You would have to create a new postgres role called admin. This link covers all that is involved in using custom Postgres roles and it is a lot. https://github.com/orgs/supabase/discussions/11948
You should not modify the auth schema columns except for user and app metadata if you don't know the impact.
Ahh okay then, I’ll definitely have a look at this
Not many users go this way.
So what should be my approach for what I want to do? I want to give a particular user admin access to specific routes and abilities.
That admin user probably can't access the database now.
That “admin” user is me hahaaa
You will probably get an error if you try to read a table in the database.
Three ways are:
custom-claims in the jwt https://github.com/supabase-community/supabase-custom-claims
A roles table then use RLS on that table.
And creating Postgres roles and using the auth.role column but you have to do a bit of work to allow the role to be used (as pointed out in my first link on RBAC).
It is very difficult to have multiple roles with this method. And you have to grant several roles to each other in Postgres for it to work well.
I'm working on a roles table method "guide" and although it is a fairly straightforward way to do roles, I just started on it. So you can look here https://github.com/GaryAustin1/custom-properties but it is 3 days old and hours since last update.
If you search on "custom roles" up top you will find many, many discussions on the three methods, with jwt claims being the most common in the past.
Ahh okay, thank you so much. I’ll take a look at all this!
For anyone wondering what I did to handle this, I did the following:
1. create my own public table that my app will refer to and has an isAdmin column that defaults to false
2. create function that populates needed fields from auth.users
3. create a trigger on the auth.users table that activates after every insert
the following video explains how to do it: https://www.youtube.com/watch?v=mcrqn77lUmM
Fixed supabase trigger
In this video I am going to show you how to fix create supabase trigger from auth.users table.
sql:
- create trigger: create trigger trigger_name after insert on auth.users for each row execute function function_name();
- delete trigger: drop trigger if exists trigger_name on auth.users;
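The three steps from the last post, plus an admin-only bucket policy for the original question, as an added example that is not code from the thread or the linked video. The names `public.profiles`, `is_admin` (standing in for the isAdmin column), `handle_new_user`, `on_auth_user_created` and the bucket id `admin-files` are assumptions; `auth.users.role` is left untouched.

```sql
-- Added example; all object names and the bucket id are assumed placeholders.

-- 1. App-owned table; the admin flag defaults to false.
create table public.profiles (
  id       uuid primary key references auth.users (id) on delete cascade,
  email    text,
  is_admin boolean not null default false
);

-- Clients may read only their own row. With no insert/update/delete policy,
-- an API user cannot flip is_admin; set it from the SQL editor or service_role.
alter table public.profiles enable row level security;

create policy "read own profile" on public.profiles
  for select to authenticated
  using (id = auth.uid());

-- 2. Copy the needed fields from the new auth.users row.
create function public.handle_new_user()
returns trigger
language plpgsql
security definer          -- run with the function owner's privileges
set search_path = ''      -- pin the search path; every name below is schema-qualified
as $$
begin
  insert into public.profiles (id, email) values (new.id, new.email);
  return new;
end;
$$;

-- 3. Fire after every insert on auth.users (each signup).
create trigger on_auth_user_created
  after insert on auth.users
  for each row execute function public.handle_new_user();

-- 4. Only admins may read, upload, update or delete objects in the bucket.
create policy "admins manage admin-files" on storage.objects
  for all to authenticated
  using (
    bucket_id = 'admin-files'
    and exists (select 1 from public.profiles p
                where p.id = auth.uid() and p.is_admin)
  )
  with check (
    bucket_id = 'admin-files'
    and exists (select 1 from public.profiles p
                where p.id = auth.uid() and p.is_admin)
  );
```

Accounts created before the trigger existed have no `profiles` row, so they need a one-off backfill before the bucket policy can match them.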