RLS x API keys x Role
Hey everyone,
I realized I'm very confused by the API keys x Role when it comes to RLS.
Here's my app structure:
- Web UI (frontend + BFF), handling login (OTP), signup and Stripe subscriptions
- API, handling long running tasks and CRUD operations on the entities
Both services use the service API key. Locally, I have RLS errors on INSERT on tables without policies, and no errors on other tables.
I'm very confused between the anon/authenticated roles vs the API key and I do not manage to resolve the RLS error, except by disabling it which I understand is no good idea.
In production, the same code runs fine, without policies needed, just RLS enabled on the same tables.
Thanks!
I realized I'm very confused by the API keys x Role when it comes to RLS.
Here's my app structure:
- Web UI (frontend + BFF), handling login (OTP), signup and Stripe subscriptions
- API, handling long running tasks and CRUD operations on the entities
Both services use the service API key. Locally, I have RLS errors on INSERT on tables without policies, and no errors on other tables.
I'm very confused between the anon/authenticated roles vs the API key and I do not manage to resolve the RLS error, except by disabling it which I understand is no good idea.
In production, the same code runs fine, without policies needed, just RLS enabled on the same tables.
Thanks!
