SupabaseS
Supabase3mo ago
WisdomPanda

Issues with UPDATE RLS policy

Hey guys, I've got a weird issue with RLS that seems like it should work, but doesn't.

I have a basic table with 
id
, auth_id, some unexciting data columns and a boolean column called active. I have a RLS policy on to only show rows that are active=true and belong to that user, but allow users to update the row to have active=false so they can "delete" the row.

This policy looks like;

alter policy "all own"
on "public"."my_table"
to authenticated
using (
  ((( SELECT auth.uid() AS uid) = auth_id) AND (active IS TRUE))
) with check (
  (( SELECT auth.uid() AS uid) = auth_id)
);


I've done this as individual policies as well (select/update/insert), but I get the same issue as soon as I add the active is true to the select part. If I try and update it using something like;

await supabase.from("my_table").update({ active: false }).eq("id", id);


I get an RLS violation; 'new row violates row-level security policy for table "my_table"'

Reading the docs, this doesn't make a lot of sense to me, so if this is expected behaviour, I'd love to know why? Or is there a different way to do this? Am I missing something?

For context, I'm using the JS package on SvelteKit, package versions are;
"@supabase/ssr": "^0.6.1",
"@supabase/supabase-js": "^2.54.0",


Any help is appreciated. 🙏
Was this page helpful?