RLS Policies exist but error 403 persists and I'm getting denied.

Building an app and the goal is to get an education modal where users can see, edit, upload, and delete their education data. I have the correct policies (think I do at least, you never know). I can link my education.tsx and my educationService.ts if that would make things easier. I have been working on this issue for a while.
29 Replies
garyaustin 4w ago
Check the API and Postgres logs. But permission denied is usually a grant issue and not an RLS issue. What operation is getting the error? An insert RLS error is usually this message: new row violates row-level security policy for table xxxxx
Oreo the milkshake
this is on api gateway, sorry i would be more detailed but this is my first Supabase project
garyaustin 4w ago
That is a select. It would not error for RLS. So somehow your public schema or that table's grants got changed.
Oreo the milkshake
i restarted working on my policies, rn i just have
garyaustin 4w ago
Are you using Prisma?
Oreo the milkshake
nah
garyaustin 4w ago
Policies are not your issue.
Oreo the milkshake
gotcha
garyaustin 4w ago
Are you using an AI?
Oreo the milkshake
like in the project, no not implementing an ai
garyaustin 4w ago
For generating database code?
Oreo the milkshake
yeah about 70% of it
garyaustin 4w ago
My thinking is either it did, or it had you run some SQL to change tables or schema with the GRANT operation.
Oreo the milkshake
is there a way to check? grant select, insert, update, delete on education to authenticated; i just ran this and the error is gone
garyaustin 4w ago
SELECT grantee, table_schema AS schema, table_name, privilege_type AS privilege, grantor
FROM information_schema.table_privileges
WHERE table_name = 'education';
Yeah not good if you don't know why...
Oreo the milkshake
i've used the same database for a lot of projects, i think i must have changed grant permissions a while back
garyaustin 4w ago
Could have modified the grants for other tables and roles.
Oreo the milkshake
i think i def did, is there a way to reset it to default
garyaustin 4w ago
If you don't need grants to block for some reason I can find the SQL code to reset it all to what SB comes with.
Oreo the milkshake
i think i keep them thank you sm this issue has been abs killing me
garyaustin 4w ago
GRANT USAGE ON SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL TABLES IN SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL ROUTINES IN SCHEMA public TO anon, authenticated, service_role;
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON TABLES TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON ROUTINES TO anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT ALL ON SEQUENCES TO anon, authenticated, service_role;
Would reset them to default.
Oreo the milkshake
is this better to do, cuz i got my auth working and dont wanna ruin it
garyaustin 4w ago
You could wait until the next thing breaks and then do it. The only downside is if you have some code you wanted to hide from a particular user. Normally you should use RLS for that on tables though.
Oreo the milkshake
does grant disable rls?
garyaustin 4w ago
It is checked first, then RLS is checked.
Oreo the milkshake
so if I wanna build this for safety whats the best practice methodology to do can i grant only to authenticated users
garyaustin 4w ago
I would personally never touch the public grants for tables. I might for specific functions. I use RLS or I use a custom schema where I set the grants as I want. But leave public alone.
Oreo the milkshake
alr so i should just set them to default then, i think i changed them earlier
