RLS not working
RLSI need urgent help with Row Level Security (RLS). When RLS is enabled, authenticated users cannot read their own data (queries return empty results or “permission denied”). When I disable RLS, everything works. This is blocking production.
Issue
• RLS ON → users cannot retrieve their own rows
• RLS OFF → queries work correctly
• Likely the policy condition using auth.uid() is not matching the table’s user_id
What I’ve tried
• Enabled RLS and added a SELECT policy allowing users to read their own records
• Confirmed the user is authenticated (session exists, user ID accessible on frontend)
• Reads still fail unless RLS is disabled
Possible causes
• user_id column type/value mismatch (uuid vs text, nulls, wrong value stored)
• Uncertainty whether to use auth.uid() or auth.jwt() ->> 'sub'
• Client may be using the wrong role/key (anon vs authenticated vs service_role)
Questions
1. How can I verify what auth.uid() evaluates to during a request and confirm it matches user_id?
2. What is the recommended policy approach when user_id is uuid vs text? Is casting safe?
3. How can I confirm which Postgres role my request is using?
4. What common issues cause policies to exist but still return no rows (USING vs WITH CHECK, missing insert/update policies, views, etc.)?
Thanks for your help.
Issue
• RLS ON → users cannot retrieve their own rows
• RLS OFF → queries work correctly
• Likely the policy condition using auth.uid() is not matching the table’s user_id
What I’ve tried
• Enabled RLS and added a SELECT policy allowing users to read their own records
• Confirmed the user is authenticated (session exists, user ID accessible on frontend)
• Reads still fail unless RLS is disabled
Possible causes
• user_id column type/value mismatch (uuid vs text, nulls, wrong value stored)
• Uncertainty whether to use auth.uid() or auth.jwt() ->> 'sub'
• Client may be using the wrong role/key (anon vs authenticated vs service_role)
Questions
1. How can I verify what auth.uid() evaluates to during a request and confirm it matches user_id?
2. What is the recommended policy approach when user_id is uuid vs text? Is casting safe?
3. How can I confirm which Postgres role my request is using?
4. What common issues cause policies to exist but still return no rows (USING vs WITH CHECK, missing insert/update policies, views, etc.)?
Thanks for your help.
