service_role lost write permissions on auth schema - Production DOWN
RLSauth🟢SQLDescription:
Project Ref: ruasioxmitvlrrmeiuga
PostgreSQL Version: 17.4
Severity: CRITICAL - Production is completely down
ISSUE:
New user registration broken. service_role cannot INSERT into auth tables.
COMPLETE DIAGNOSIS:
1. PERMISSION CHECK (auth.users):
- service_role: SELECT only
- postgres: full access
- Expected: service_role should have INSERT, UPDATE, DELETE
2. AFFECTS ALL AUTH TABLES:
auth.users, auth.sessions, auth.refresh_tokens, auth.identities,
auth.mfa_factors, etc. - ALL have service_role = SELECT only
3. DEFAULT ACL MISSING service_role:
Query: SELECT * FROM pg_default_acl WHERE defaclnamespace = 'auth'::regnamespace;
Result: Only postgres and dashboard_user listed, service_role NOT included
4. ROLE PERMISSIONS:
- service_role.rolbypassrls = false
- postgres.rolsuper = false (cannot GRANT)
- SET ROLE supabase_admin: permission denied
5. WE CANNOT FIX THIS:
- GRANT command fails (postgres not superuser)
- Cannot SET ROLE to supabase_admin
- Dashboard SQL Editor also lacks permission
FIX REQUIRED (must be run with supabase_admin):
GRANT INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA auth TO service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE supabase_auth_admin IN SCHEMA auth
GRANT INSERT, SELECT, UPDATE, DELETE ON TABLES TO service_role;
QUESTIONS:
- Was this project recently upgraded to PostgreSQL 17?
- Is this a known issue from database migration?
IMPACT:
- No new user registration
- Auth completely broken
- Production DOWN
Please prioritize this issue. Thank you.
#support
Project Ref: ruasioxmitvlrrmeiuga
PostgreSQL Version: 17.4
Severity: CRITICAL - Production is completely down
ISSUE:
New user registration broken. service_role cannot INSERT into auth tables.
COMPLETE DIAGNOSIS:
1. PERMISSION CHECK (auth.users):
- service_role: SELECT only
- postgres: full access
- Expected: service_role should have INSERT, UPDATE, DELETE
2. AFFECTS ALL AUTH TABLES:
auth.users, auth.sessions, auth.refresh_tokens, auth.identities,
auth.mfa_factors, etc. - ALL have service_role = SELECT only
3. DEFAULT ACL MISSING service_role:
Query: SELECT * FROM pg_default_acl WHERE defaclnamespace = 'auth'::regnamespace;
Result: Only postgres and dashboard_user listed, service_role NOT included
4. ROLE PERMISSIONS:
- service_role.rolbypassrls = false
- postgres.rolsuper = false (cannot GRANT)
- SET ROLE supabase_admin: permission denied
5. WE CANNOT FIX THIS:
- GRANT command fails (postgres not superuser)
- Cannot SET ROLE to supabase_admin
- Dashboard SQL Editor also lacks permission
FIX REQUIRED (must be run with supabase_admin):
GRANT INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA auth TO service_role;
ALTER DEFAULT PRIVILEGES FOR ROLE supabase_auth_admin IN SCHEMA auth
GRANT INSERT, SELECT, UPDATE, DELETE ON TABLES TO service_role;
QUESTIONS:
- Was this project recently upgraded to PostgreSQL 17?
- Is this a known issue from database migration?
IMPACT:
- No new user registration
- Auth completely broken
- Production DOWN
Please prioritize this issue. Thank you.
#support
