RLS Violation

Hey guys, I just started using supabase and I am having some trouble. I created a form where users can sign up and it adds them to the authentication users table but I created a Users table in public which should store some additional information. I added RLS to it but whenever I try creating an account this gets printed: new row violates row-level security policy for table "Users". I have added photos of the policies I am using for the Users table, any help would be really appericated.

garyaustin•7/2/25, 2:38 PM

How are you adding data to the table?
Do you have a signed in user session when you make the call? You can use auth.getSession to check or I believe the API Gateway log has an authentication section that shows what user is making the request.

Ggaryaustin How are you adding data to the table? Do you have a signed in user session when ...

WiseDolphinOP•7/2/25, 2:39 PM

Sorry I am very new to supabase and this whole stuff, what do you mean exactly

garyaustin•7/2/25, 2:41 PM

How are you adding data to your Users table?

WiseDolphinOP•7/2/25, 2:41 PM

for the insert, here is my code
const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault();

if (!validateForm()) {
return;
}
setIsLoading(true);

try {
const { data: authData, error: authError} = await supabase.auth.signUp({
email,
password,
});
if (authError) throw authError;

if (!authData.user) throw new Error('User creation failed');

const {error: dbError } = await supabase.from('Users').insert({
id: authData.user.id,
username: username,
name: name,
});
if (dbError) throw dbError;

setSubmitMessage('Account created successfully! Please check your email to verify your account.');
setEmail('');
setPassword('');
setName('');
setUsername('');
}
catch (error: any) {
console.error('Signup error:', error);
setSubmitMessage(error.message || 'An error occurred during signup. Please try again.');
}
finally {
setIsLoading(false);
}
};

garyaustin•7/2/25, 2:41 PM

Are you requiring the user to confirm their email?

WiseDolphinOP•7/2/25, 2:41 PM

I disabled that feature as I wanted to make sure its working rn

garyaustin•7/2/25, 2:43 PM

The code you are showing will not work in "real life" as signup does not return a user session if you want to confirm their email is real, which you do. It might work for testing if you have that off as then signup does return a session.

garyaustin•7/2/25, 2:44 PM

Go to the dashboard logs session and API Gateway log and look for /rest/v1/Users
You should see an error on it.
Then look in the details and scroll down until you see an authorization section.

WiseDolphinOP•7/2/25, 2:46 PM

Ok let me see

Ggaryaustin Go to the dashboard logs session and API Gateway log and look for /rest/v1/Users...

WiseDolphinOP•7/2/25, 2:48 PM

Ya it saws its invalid

Ggaryaustin The code you are showing will not work in "real life" as signup does not return ...

WiseDolphinOP•7/2/25, 2:49 PM

Okay what would be the alternative to this then?

WiseDolphinOP•7/2/25, 2:49 PM

regarding the code

WiseDolphinOP•7/2/25, 2:49 PM

or are you just saying that email vertification needs to be on in real life (which I understand)

garyaustin•7/2/25, 2:50 PM

That does say you have an authenticated user.

The normal way is using this process:
https://supabase.com/docs/guides/auth/managing-user-data
That sets up a trigger on auth.users when a new user is created and you pass your data in as part of signUp data option. It populates your public table for you.

WiseDolphinOP•7/2/25, 2:53 PM

When looking at my table the Users table in public

WiseDolphinOP•7/2/25, 2:53 PM

it is designed like this

WiseDolphinOP•7/2/25, 2:53 PM

shouldnt this get the uid from auth as well?

WiseDolphinOP•7/2/25, 2:54 PM

Also I would like to add that it does create a user in the auth table, just has an error in the Users table

WiseDolphinOP•7/2/25, 2:57 PM

So what is wrong in my policies then?

garyaustin•7/2/25, 2:59 PM

Ahh...
You used restrictive. You really should never use that. Permissive is the default and simpler method.

WiseDolphinOP•7/2/25, 2:59 PM

could you tell me the difference between using permissive and restrictive

WiseDolphinOP•7/2/25, 2:59 PM

cus isnt restrictive more secure?

WiseDolphinOP•7/2/25, 3:00 PM

also is that the case for all policies?

garyaustin•7/2/25, 3:01 PM

Always use permissive.

garyaustin•7/2/25, 3:02 PM

That means you are allowing a user that meets the policy to have access. No policies and no access.

garyaustin•7/2/25, 3:03 PM

Restrictive means you are blocking a specific user or type of user. But it also requires first a permissive policy that it then "subtracts" from.

WiseDolphinOP•7/2/25, 3:03 PM

Ohhhhhhhh

WiseDolphinOP•7/2/25, 3:03 PM

Okay I get

garyaustin•7/2/25, 3:04 PM

I don't even look at that part of a policy when helping people as it is so rarely used and the issue is usually something else.

WiseDolphinOP•7/2/25, 3:04 PM

WiseDolphinOP•7/2/25, 3:05 PM

Thank you for all your help man

WWiseDolphin for the insert, here is my code const handleSubmit = async (e: React.FormEvent) ...

Tariq•7/2/25, 3:26 PM

Ideally youd want to use a trigger function so Supabase automatically populates the Users table for you whenever a new user is created in auth

TTariq Ideally youd want to use a trigger function so Supabase automatically populates ...

WiseDolphinOP•7/2/25, 3:28 PM

ah okay thank you

TTariq Ideally youd want to use a trigger function so Supabase automatically populates ...

WiseDolphinOP•7/2/25, 5:57 PM

Yo I tried to make the trigger function but it does not populate my Users table.

TTariq Ideally youd want to use a trigger function so Supabase automatically populates ...

WiseDolphinOP•7/2/25, 5:57 PM

Do you know what the issue is?

WiseDolphinOP•7/2/25, 5:58 PM

or @garyaustin if you know

WWiseDolphin Yo I tried to make the trigger function but it does not populate my Users table.

Tariq•7/2/25, 6:06 PM

I think youre watching the wrong table

Tariq•7/2/25, 6:06 PM

is the "Users" table part of Auth or is that the custom table you yourself made?

garyaustin•7/2/25, 6:07 PM

Tariq is correct you are putting your trigger on Users and not auth.users as the guide suggests.

garyaustin•7/2/25, 6:08 PM

Also you really should not use capital letters for names of things in Postgres.
Where you have public.Users in your code has to be public."Users" because of that. All tables or columns with capitals have to be in double quotes.

Ggaryaustin Tariq is correct you are putting your trigger on Users and not auth.users as the...

Tariq•7/2/25, 6:12 PM

Do they let you watch the auth.users table? Because I cant find it in the select field

Tariq•7/2/25, 6:12 PM

When i did it I wrote the trigger manually with the sql editor

garyaustin•7/2/25, 6:12 PM

You add the trigger thru SQL.

garyaustin•7/2/25, 6:13 PM

Sort of a minimal test of should you be adding something to a reserved schema I guess.

Tariq•7/2/25, 6:13 PM

i see

WiseDolphinOP•7/2/25, 6:25 PM

Okay I understand, would I also create the function in SQL

WiseDolphinOP•7/2/25, 6:25 PM

or is the trigger neough

WiseDolphinOP•7/2/25, 6:25 PM

enough

WiseDolphinOP•7/2/25, 6:27 PM

RLS Violation

Similar Threads

Similar Threads

Similar Threads