Question about using native PostgreSQL roles with Supabase Auth
I'm currently working on a multi-organization project and would like to better understand how native PostgreSQL roles interact with Supabase Auth.
As I understand it, Supabase uses the anon and authenticated roles to manage database access, and permissions are typically handled through RLS policies.
However, I’m exploring whether it’s possible to assign native PostgreSQL roles (e.g., admin, teacher, student) directly to users created through Supabase Auth — so that those roles could leverage PostgreSQL’s built-in GRANT system and role inheritance, instead of replicating role logic at the application or RLS level.
In short, I’d like to clarify:
Is it currently possible for a user authenticated via Supabase Auth to inherit or use a PostgreSQL role other than authenticated?
If not, is there a technical or architectural reason that prevents this? (And is there any plan to support it in the future?)
Finally — would it be safe or supported to modify the role field directly in auth.users to manage these roles, or is that field purely internal to Supabase Auth?
As I understand it, Supabase uses the anon and authenticated roles to manage database access, and permissions are typically handled through RLS policies.
However, I’m exploring whether it’s possible to assign native PostgreSQL roles (e.g., admin, teacher, student) directly to users created through Supabase Auth — so that those roles could leverage PostgreSQL’s built-in GRANT system and role inheritance, instead of replicating role logic at the application or RLS level.
In short, I’d like to clarify:
Is it currently possible for a user authenticated via Supabase Auth to inherit or use a PostgreSQL role other than authenticated?
If not, is there a technical or architectural reason that prevents this? (And is there any plan to support it in the future?)
Finally — would it be safe or supported to modify the role field directly in auth.users to manage these roles, or is that field purely internal to Supabase Auth?
