Supabase•5mo ago•

17 replies

Issues with UPDATE RLS policy

Hey guys, I've got a weird issue with RLS that seems like it should work, but doesn't.

I have a basic table with

id

id

auth_id

auth_id

, some unexciting data columns and a boolean column called

active

active

. I have a RLS policy on to only show rows that are

active=true

active=true

and belong to that user, but allow users to update the row to have

active=false

active=false

so they can "delete" the row.

This policy looks like;

alter policy "all own"
on "public"."my_table"
to authenticated
using (
  ((( SELECT auth.uid() AS uid) = auth_id) AND (active IS TRUE))
) with check (
  (( SELECT auth.uid() AS uid) = auth_id)
);

alter policy "all own"
on "public"."my_table"
to authenticated
using (
  ((( SELECT auth.uid() AS uid) = auth_id) AND (active IS TRUE))
) with check (
  (( SELECT auth.uid() AS uid) = auth_id)
);

I've done this as individual policies as well (select/update/insert), but I get the same issue as soon as I add the

active is true

active is true

to the select part. If I try and update it using something like;

await supabase.from("my_table").update({ active: false }).eq("id", id);

await supabase.from("my_table").update({ active: false }).eq("id", id);

I get an RLS violation;

'new row violates row-level security policy for table "my_table"'

'new row violates row-level security policy for table "my_table"'

Reading the docs, this doesn't make a lot of sense to me, so if this is expected behaviour, I'd love to know why? Or is there a different way to do this? Am I missing something?

For context, I'm using the JS package on SvelteKit, package versions are;

"@supabase/ssr": "^0.6.1",
"@supabase/supabase-js": "^2.54.0",

"@supabase/ssr": "^0.6.1",
"@supabase/supabase-js": "^2.54.0",

Any help is appreciated.

Issues with UPDATE RLS policy

Hey guys, I've got a weird issue with RLS that seems like it should work, but doesn't.

I have a basic table with

id

id

auth_id

auth_id

, some unexciting data columns and a boolean column called

active

active

. I have a RLS policy on to only show rows that are

active=true

active=true

and belong to that user, but allow users to update the row to have

active=false

active=false

so they can "delete" the row.

This policy looks like;

alter policy "all own"
on "public"."my_table"
to authenticated
using (
  ((( SELECT auth.uid() AS uid) = auth_id) AND (active IS TRUE))
) with check (
  (( SELECT auth.uid() AS uid) = auth_id)
);

alter policy "all own"
on "public"."my_table"
to authenticated
using (
  ((( SELECT auth.uid() AS uid) = auth_id) AND (active IS TRUE))
) with check (
  (( SELECT auth.uid() AS uid) = auth_id)
);

I've done this as individual policies as well (select/update/insert), but I get the same issue as soon as I add the

active is true

active is true

to the select part. If I try and update it using something like;

await supabase.from("my_table").update({ active: false }).eq("id", id);

await supabase.from("my_table").update({ active: false }).eq("id", id);

I get an RLS violation;

'new row violates row-level security policy for table "my_table"'

'new row violates row-level security policy for table "my_table"'

"@supabase/ssr": "^0.6.1",
"@supabase/supabase-js": "^2.54.0",

"@supabase/ssr": "^0.6.1",
"@supabase/supabase-js": "^2.54.0",

Any help is appreciated.

Issues with UPDATE RLS policy

Similar Threads

Issues with UPDATE RLS policy

Similar Threads

Similar Threads

Similar Threads