Unable to Create RLS Policy on `auth.mfa_factors`
Hello everyone,
Hope you are doing alright. I need help please!
My application's Multi-Factor Authentication (MFA) flow is not working. We have diagnosed that the
supabase.auth.mfa.listFactors() function is silently returning an empty array, which prevents users from completing
the MFA challenge.
Root Cause:
There is no RLS SELECT policy on the auth.mfa_factors table for the authenticated role.
Attempted Solutions:
We have tried every possible way to create this policy, and all have failed:
1. Dashboard UI: The auth schema is "Locked" and read-only in the Policy Editor UI, so we cannot add the policy there.
2. SQL Editor: Running CREATE POLICY... directly in the SQL Editor fails with the error: ERROR: 42501: must be owner
of table mfa_factors.
3.
fails with the same must be owner permission error.
Required Action:
Could you please run the following SQL to create the necessary policy in our project?
1 -- Enable RLS if it is not already
2 ALTER TABLE auth.mfa_factors ENABLE ROW LEVEL SECURITY;
3
4 -- Create the policy
5 CREATE POLICY "Authenticated users can read their MFA factors"
6 ON auth.mfa_factors
7 FOR SELECT
8 TO authenticated
9 USING ((SELECT auth.uid()) = user_id);
Thank you.
Karl
Hope you are doing alright. I need help please!
My application's Multi-Factor Authentication (MFA) flow is not working. We have diagnosed that the
supabase.auth.mfa.listFactors() function is silently returning an empty array, which prevents users from completing
the MFA challenge.
Root Cause:
There is no RLS SELECT policy on the auth.mfa_factors table for the authenticated role.
Attempted Solutions:
We have tried every possible way to create this policy, and all have failed:
1. Dashboard UI: The auth schema is "Locked" and read-only in the Policy Editor UI, so we cannot add the policy there.
2. SQL Editor: Running CREATE POLICY... directly in the SQL Editor fails with the error: ERROR: 42501: must be owner
of table mfa_factors.
3.
SECURITY DEFINERfails with the same must be owner permission error.
Required Action:
Could you please run the following SQL to create the necessary policy in our project?
1 -- Enable RLS if it is not already
2 ALTER TABLE auth.mfa_factors ENABLE ROW LEVEL SECURITY;
3
4 -- Create the policy
5 CREATE POLICY "Authenticated users can read their MFA factors"
6 ON auth.mfa_factors
7 FOR SELECT
8 TO authenticated
9 USING ((SELECT auth.uid()) = user_id);
Thank you.
Karl
