RLS Policies exist but error 403 persists and I'm getting denied.

Oreo the milkshake · 2025-09-23T19:43:36.812Z

Building and app and the goal is to get an education modal where users can see, edit, upload, and delete their education data, I have the correct policies (think I do at least, you never know) I can link my education.tsx, and my educationService.ts if that would make things easier, I have been working on this issue for while.

G

garyaustin•9/23/25, 7:45 PM

Check the API and Postgres logs.
But permission denied is usually a grant issue and not an RLS issue.

G

garyaustin•9/23/25, 7:47 PM

What operation is getting the error.
An insert RLS error is usually this message:

new row violates row-level security policy for table xxxxx

new row violates row-level security policy for table xxxxx

new row violates row-level security policy for table xxxxx

new row violates row-level security policy for table xxxxx

O

Oreo the milkshakeOP•9/23/25, 8:17 PM

O

Oreo the milkshakeOP•9/23/25, 8:17 PM

this is on api gateway

O

Oreo the milkshakeOP•9/23/25, 8:17 PM

sorry i would be more detailed but this is my first supabased project

G

garyaustin•9/23/25, 8:18 PM

That is a select.

G

garyaustin•9/23/25, 8:18 PM

It would not error for RLS

G

garyaustin•9/23/25, 8:18 PM

So somehow your public schema or that tables grants got changed.

O

Oreo the milkshakeOP•9/23/25, 8:19 PM

i restarted workiong on my policies, rn i just have

G

garyaustin•9/23/25, 8:19 PM

Are you using Prisma?

O

Oreo the milkshakeOP•9/23/25, 8:19 PM

nah

G

garyaustin•9/23/25, 8:19 PM

Polices are not your issue.

O

Oreo the milkshakeOP•9/23/25, 8:19 PM

gotcha

G

garyaustin•9/23/25, 8:19 PM

Are you using an AI?

O

Oreo the milkshakeOP•9/23/25, 8:19 PM

like in the project, no

O

Oreo the milkshakeOP•9/23/25, 8:19 PM

not implimenting an ai

G

garyaustin•9/23/25, 8:19 PM

For generating database code?

O

Oreo the milkshakeOP•9/23/25, 8:20 PM

yeah about 70% of it

G

garyaustin•9/23/25, 8:20 PM

My thinking is either it did, or it had you run some SQL to change tables or schema with the GRANT operation.

O

Oreo the milkshakeOP•9/23/25, 8:21 PM

is there a way to check?

O

Oreo the milkshakeOP•9/23/25, 8:22 PM

grant select, insert, update, delete on education to authenticated;

O

Oreo the milkshakeOP•9/23/25, 8:22 PM

i just ran this

O

Oreo the milkshakeOP•9/23/25, 8:22 PM

and it

O

Oreo the milkshakeOP•9/23/25, 8:22 PM

the error is gona

G

garyaustin•9/23/25, 8:22 PM

SELECT grantee, table_schema AS schema, table_name, privilege_type AS privilege, grantor
FROM information_schema.table_privileges
WHERE table_name = 'education';

SELECT grantee, table_schema AS schema, table_name, privilege_type AS privilege, grantor
FROM information_schema.table_privileges
WHERE table_name = 'education';

SELECT grantee, table_schema AS schema, table_name, privilege_type AS privilege, grantor
FROM information_schema.table_privileges
WHERE table_name = 'education';

SELECT grantee, table_schema AS schema, table_name, privilege_type AS privilege, grantor
FROM information_schema.table_privileges
WHERE table_name = 'education';

G

garyaustin•9/23/25, 8:22 PM

Yeah not good if you don't know why...

O

Oreo the milkshakeOP•9/23/25, 8:23 PM

iv used

O

Oreo the milkshakeOP•9/23/25, 8:23 PM

the same database, for a lot of projects,

O

Oreo the milkshakeOP•9/23/25, 8:23 PM

i think i must have changed grant permissions a while backl

G

garyaustin•9/23/25, 8:23 PM

Could have modified the grants for other tables and roles.

O

Oreo the milkshakeOP•9/23/25, 8:23 PM

i think i def did

O

Oreo the milkshakeOP•9/23/25, 8:23 PM

is there a way to reset it to defaulkt

G

garyaustin•9/23/25, 8:23 PM

If you don't need grants to block for some reason I can find the SQL code to reset it all to what SB comes with.

O

Oreo the milkshakeOP•9/23/25, 8:24 PM

i think i keep them

O

Oreo the milkshakeOP•9/23/25, 8:24 PM

thank you sm

O

Oreo the milkshakeOP•9/23/25, 8:25 PM

this issue has been abs killing me

G

garyaustin•9/23/25, 8:25 PM

GRANT USAGE ON SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL TABLES IN SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL ROUTINES IN SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON TABLES TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON ROUTINES TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON SEQUENCES TO anon, authenticated, service_role;

GRANT USAGE ON SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL TABLES IN SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL ROUTINES IN SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON TABLES TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON ROUTINES TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON SEQUENCES TO anon, authenticated, service_role;

GRANT USAGE ON SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL TABLES IN SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL ROUTINES IN SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON TABLES TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON ROUTINES TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON SEQUENCES TO anon, authenticated, service_role;

GRANT USAGE ON SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL TABLES IN SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL ROUTINES IN SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON TABLES TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON ROUTINES TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON SEQUENCES TO anon, authenticated, service_role;

Would reset them to default.

O

Oreo the milkshakeOP•9/23/25, 8:25 PM

is this better to do, cuz i got my auth working and dont wanna ruin it

G

garyaustin•9/23/25, 8:26 PM

You could wait until the next thing breaks and then do it.
The only downside is if you have some code you wanted to hide form a particular user. Normally you should use RLS for that on tables though.

O

Oreo the milkshakeOP•9/23/25, 8:27 PM

does grant disable rls?

G

garyaustin•9/23/25, 8:27 PM

It is checked first, then RLS is checked.

O

Oreo the milkshakeOP•9/23/25, 8:27 PM

so if I wanna build this for safety whats the best practice methodology to do

O

Oreo the milkshakeOP•9/23/25, 8:28 PM

can i grant only to authenticated users

G

garyaustin•9/23/25, 8:28 PM

I would personally never touch the public grants for tables. I might for specific functions. I use RLS or I use a custom schema where I set the grants as I want. But leave public alone.

O

Oreo the milkshakeOP•9/23/25, 8:29 PM

alr so i should jusit set them to default then, i think i changed them earlier

RLS Policies exist but error 403 persists and I'm getting denied.

Similar Threads

Similar Threads

Similar Threads