SupabaseS
Supabase•6mo ago
Nomad

[Question] Best Practice for RLS Key: Using auth.users.id vs supabase_id Column?

Hi Supabase community! đź‘‹

I’m prototyping a large-scale application and evaluating the best schema design and RLS/RBAC patterns. I came across the official Supabase YouTube tutorial where they add a separate supabase_id column in the public users table to mirror auth.users.id, but for complex, high-traffic systems I’m not sure this is the optimal approach.

Context & Goals:
  • Implement a robust RBAC mechanism where roles (e.g. Admin, Editor, Viewer) control access across multiple schemas and tables.
  • Enforce row-level security so users only see their own data, and roles can override this for administrative operations.
  • Prototype quickly without introducing redundant columns or unnecessary joins.
What I’ve Tried:
  • Following the tutorial’s pattern: adding supabase_id UUID in public.users, populated via DEFAULT auth.uid() and triggers.
  • Writing RLS policies that compare 
    auth.uid()
     to supabase_id, which adds casting complexity and extra joins.
  • Considering directly using id UUID PRIMARY KEY REFERENCES auth.users(id) in public.users, then layering RBAC roles.
Key Questions:
  1. For prototyping a large application, is it better practice to keep a single 
    id
     column in public.users linked straight to auth.users.id, or to maintain a separate supabase_id?
  2. How would you structure RBAC roles and permissions at scale—would you extend RLS policies, use custom PostgreSQL functions, or integrate a dedicated roles table?
  3. What database design patterns or diagrams do you recommend for quickly iterating on RBAC/RLS before productionizing?
Any insights, schema diagrams, or examples of prototyping strategies would be greatly appreciated! 🙏

Tags: #RBAC #RLS #Prototyping #SchemaDesign #Supabase
reading-gjirlfriend.gif
Was this page helpful?