Unable to Create RLS Policy on `auth.mfa_factors`

Hello everyone,

Hope you are doing alright. I need help please!
My application's Multi-Factor Authentication (MFA) flow is not working. We have diagnosed that the
supabase.auth.mfa.listFactors() function is silently returning an empty array, which prevents users from completing
the MFA challenge.

Root Cause:
There is no RLS SELECT policy on the auth.mfa_factors table for the authenticated role.

Attempted Solutions:
We have tried every possible way to create this policy, and all have failed:
1. Dashboard UI: The auth schema is "Locked" and read-only in the Policy Editor UI, so we cannot add the policy there.
2. SQL Editor: Running CREATE POLICY... directly in the SQL Editor fails with the error: ERROR: 42501: must be owner
of table mfa_factors.
3.

SECURITY DEFINER

SECURITY DEFINER

Function: We attempted to use a SECURITY DEFINER function to escalate privileges, but this also
fails with the same must be owner permission error.

Required Action:
Could you please run the following SQL to create the necessary policy in our project?

1 -- Enable RLS if it is not already
2 ALTER TABLE auth.mfa_factors ENABLE ROW LEVEL SECURITY;
3
4 -- Create the policy
5 CREATE POLICY "Authenticated users can read their MFA factors"
6 ON auth.mfa_factors
7 FOR SELECT
8 TO authenticated
9 USING ((SELECT auth.uid()) = user_id);

Thank you.
Karl

Supabase•7mo ago•

1 reply

Karl

Unable to Create RLS Policy on `auth.mfa_factors`

SECURITY DEFINER

SECURITY DEFINER

Unable to Create RLS Policy on `auth.mfa_factors`

Similar Threads

Unable to Create RLS Policy on `auth.mfa_factors`

Similar Threads

Similar Threads

Similar Threads