SupabaseS
Supabase5mo ago
Nari

RLS insert still failing for anon role even with correct policy

I’m trying to submit a booking form from my frontend to a Supabase table bookings with RLS enabled. I’ve created the following policy:

CREATE POLICY "allow_anonymous_insert_bookings"
ON public.bookings
FOR INSERT
TO anon
WITH CHECK (true);


which grants:

GRANT USAGE ON SCHEMA public TO anon;
GRANT INSERT ON public.bookings TO anon;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO anon;

pg_policies confirms the policy is PERMISSIVE and exists for the anon role, and my call to a debug_auth() function shows:

[ { "current_user": "anon", "role": "anon", "uid": null } ]


So I KNOW I'm using the anon role. this is what the frontend code to insert looks like:

const { data, error } = await supabase
  .from('bookings')
  .insert([bookingData]);


example contents of bookingData (to be submitted:

const bookingData = {
  name: "Test User",
  email: "test.user@example.com",
  phone: "5551234567",
  address: "123 Example Street",
  services: ["deep_clean"],
  add_ons: ["fridge", "window_washing"],
  date_time: "2025-09-15T14:30",
  special_instructions: "Please focus extra on the kitchen area.",
  estimated_price: 325,
  status: "pending"
};


and finally the issue i am facing when trying to submit:

POST https://<project>.supabase.co/rest/v1/bookings?columns=...
401 Unauthorized
"new row violates row-level security policy for table \"bookings\""


ANY help would be appreciated. It should be noted that this all works if i disable RLS, but I dont think thats a good idea for many reasons.
Was this page helpful?