Error when insert in table "profiles" with edge-function and SERVICE_ROLE_KEY

I'm confused today. I have an edge function that inserts into a table with RLS enabled. I thought I read in the documentation that if I create a client with the SERVICE_ROLE_KEY key, RLS is ignored/overridden. This doesn't seem to be the case, given my error:

{
  code: "42501",
  details: null,
  hint: null,
  message: 'new row violates row-level security policy for table "profiles"'
} {"code":"42501","details":null,"hint":null,"message":"new row violates row-level security policy for table \"profiles\""}

Do you have any leads on this? I've been stuck on this for several days. My edge function:

import { createClient } from "npm:@supabase/supabase-js@2"

const supabase = createClient(
  Deno.env.get("SUPABASE_URL")!,
  Deno.env.get("SUPABASE_SERVICE_ROLE_KEY")!, // Admin key
)

Deno.serve(async (req) => {

  // .... Previous code without bug

  const {data: newProfile, error: errorProfile} = await supabase.from('profiles').insert({
    id: ID_AUTH,
    email: newUser.email,
    first_name: newUser.first_name,
    last_name: newUser.last_name,
    photo_url: `https://ui-avatars.com/api/?size=128&background=random&name=${newUser.first_name}+${newUser.last_name}`,
  })
  if(errorProfile){
    // If an error occurs while creating the profile, also delete the auth user
    console.log(errorProfile, JSON.stringify(errorProfile))
    await supabase.auth.admin.deleteUser(ID_AUTH)
    return new Response('Error creating profile', {status: 400, headers: corsHeaders})
  }

})
Thanks for help
8 Replies
garyaustin (3mo ago)
Depends on what your "previous code without bug" does. If it sets the authorization header or adds a user session somehow, then it is no longer service role. If you get the RLS error, then you are for sure not service_role.
Polaris (OP, 3mo ago)
const {data: newAuthentification, error: errorAuthentification} = await supabase.auth.signUp({
  email: newUser.email,
  password: newUser.password,
})
if(errorAuthentification){
  return new Response('Error creating user', {status: 400, headers: corsHeaders})
}
const ID_AUTH = newAuthentification.user?.id

A block of the previous code with the insert SignUp
garyaustin (3mo ago)
So you just added a user to the client. It is no longer service_role.
Polaris (OP, 3mo ago)
And other data from other tables, but for all the other tables it is a success.
garyaustin (3mo ago)
Probably the user has access to them.
Polaris (OP, 3mo ago)
After a SignUp, the supabase client changes to authenticate with the created account?
garyaustin (3mo ago)
Normally you use admin.createUser to create a user with the service role client, then you stay service role.
Yes.
Or you can have two separate clients.
Polaris (OP, 3mo ago)
Okay, that's so tricky. I didn't understand this subtlety in the documentation. Thanks.
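
The fix suggested in the replies, as an added example that is not part of the original thread: the user is created with `auth.admin.createUser` so the client never picks up a user session and the `profiles` insert still runs as service_role. The function name `createUserWithProfile`, its return shape, and the URL-encoding of the avatar name are assumptions of this example; `admin` is assumed to be a supabase-js client built with the service role key.

```javascript
// Added example, not the poster's code. `admin` is assumed to be created once as:
//   const admin = createClient(SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY,
//     { auth: { persistSession: false, autoRefreshToken: false } })
// and never used for auth.signUp / signInWithPassword.
// Alternative from the thread: keep signUp on a second client and use this
// one only for the privileged writes.
async function createUserWithProfile(admin, newUser) {
  // admin.createUser does not attach a session to the client, so later
  // queries keep running as service_role (unlike auth.signUp).
  // Note: it sends no confirmation email; email_confirm defaults to false.
  const { data, error } = await admin.auth.admin.createUser({
    email: newUser.email,
    password: newUser.password,
  });
  if (error || !data?.user) return { ok: false, step: "auth", error };

  const id = data.user.id;
  // Encode the name so characters such as & or # cannot alter the query string.
  const name = encodeURIComponent(`${newUser.first_name} ${newUser.last_name}`);
  const { error: profileError } = await admin.from("profiles").insert({
    id,
    email: newUser.email,
    first_name: newUser.first_name,
    last_name: newUser.last_name,
    photo_url: `https://ui-avatars.com/api/?size=128&background=random&name=${name}`,
  });
  if (profileError) {
    // Roll back the auth user so no account is left without a profile.
    await admin.auth.admin.deleteUser(id);
    return { ok: false, step: "profile", error: profileError };
  }
  return { ok: true, id };
}
```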
