Supabase Admin policy not working
i am trying to make a website where client and freelancer can interact with each other and everything goin perfectly fine but when i was working on website admin page i can edit contract section but when i try to edit profile of any client or freelancer i can't
2 Replies
All is not the best way to do policies. You should normally have a policy for each thing.
Your TO clauses don't make much sense. Why are you granting Supabase roles access to the profiles table. Normally they are not involved with that table or don't obey RLS anyway.
Where is your policy to allow an authenticated user who has admin role in your profile table. Note I'm assuming you are managing roles in the profile table based on the policies you show.
For the contracts table policy to work you will have to meet select policy on the profiles table.
Also you will not be able to have your select policy on profiles do a select from profiles in it as that select then has to meet the same policy which will cause recursion. You would need to move that code to a security definer function to do the look up using auth.uid() and return admin or not. Then call that function in your profiles table policy.
hi sorry for later reply and also thanks for your help now everything working fine thanks 🙂