Need Assistance with Supabase Database Insert/Update Issue in Android SDK Integration
Hi team,
I hope you're doing well. I'm currently working on integrating Supabase into my Android application. So far, I've successfully integrated the Supabase Auth SDK, and authentication is working smoothly.
However, I'm facing a blocker when it comes to inserting or updating data in the Supabase database using the PostgREST API from the Android client. Specifically, I am encountering errors related to Row-Level Security (RLS) policies, and in some cases, I’ve also received a duplicate key value violates unique constraint error when inserting records into the call_logs table.
I have thoroughly reviewed the policies set up on the Supabase Dashboard and also verified the foreign key relationships — particularly between call_logs.user_id and user_profiles.id. Still, I suspect there may be an issue with how the RLS policies are defined or how Supabase attempts to recursively validate access through foreign key relations, possibly leading to the "infinite recursion" issue as mentioned in the documentation.
I’ve attached multiple screenshots of my policy configurations and errors I encountered. I would really appreciate it if someone from the team could take a look and guide me on:
How to correctly define RLS policies for user_profiles and call_logs to allow users to insert and view only their own data.
Whether it’s better to fetch relational data separately rather than using joins via select=,user_profiles() in this scenario.
How to ensure UUIDs are correctly generated on the client side to avoid primary key conflicts when inserting new rows.
If any additional Supabase or SDK configurations are required to make data operations consistent and secure.
Thank you in advance for your support. I'm happy to provide any additional context or code if needed.
Best regards,
Alish Kumar
6 Replies
Please paste your actual policies inline as code as it's easier for someone to read. The screenshots of the policies you have setup isn't much help here.
Hi @silentworks ,
I've added the relevant screenshots for your reference. Please have a look and let me know if they help you debug the issue.
Please stop using screenshots and paste them inline. You can paste code using 3 backticks.
You seem to have an ALL policy whilst still having individual (SELECT, UPDATE...) policies. This might be causing a conflict when Postgres cascades the policies.
When multiple policies apply to a given query, they are combined using either OR (for permissive policies, which are the default) or using AND (for restrictive policies). This is similar to the rule that a given role has the privileges of all roles that they are a member of. Permissive vs. restrictive policies are discussed further below.From the Postgres docs https://www.postgresql.org/docs/current/ddl-rowsecurity.html
PostgreSQL Documentation
5.9. Row Security Policies
5.9. Row Security Policies # In addition to the SQL-standard privilege system available through GRANT, tables can have row security policies …
I’ve also received a duplicate key value violates unique constraint error when inserting records into the call_logs table.This is unrelated to RLS altogether, this means you are trying to insert data with the same unique key.