Yes:

CREATE POLICY "Everyone can read all users."
    ON users
    FOR SELECT USING (
        true
    );

So I need to allow the

authenticated

role to UPDATE the users table?

Because I have RLS on all tables wouldn't it be easier to just let them UPDATE all tables and rely on RLS to protect them?

If i create an index on a user id column in a table with a RLS policy that only allows a user to read their own data, would the RLS policy leverage the index, or would I need to need to add in a

where

clause to take advantage of the index?

How do I delete all table policies?

Just came up with this script:

SELECT format('DROP POLICY IF EXISTS "%s" ON %s;', policyname, tablename)
FROM pg_policies WHERE schemaname = 'public';

Another script to delete all functions:

SELECT
    format('DROP FUNCTION IF EXISTS %s;', p.proname)
FROM
    pg_proc p
    LEFT JOIN pg_namespace n ON p.pronamespace = n.oid
WHERE
    n.nspname = 'public'

Does anyone have any good suggestions for using RLS with views?

is there a way to restrict what type of file extensions can be uploaded to a bucket?

Is there any site out there that has SQL templates that could be used in common situations? I'm doing some research for a project a basedash to have premade queries that could be used with connected databases, and I figured the community here would know if that existed.

Restricting file extensions

SQL Templates

Check this previous discussion: https://github.com/supabase/supabase/discussions/901#discussioncomment-500895

Thanks! Awesome!

I renamed some tables and columns and updated my queries but now the relationships are duplicated and I'm being told to disambiguate the query. I'd rather get rid of the duplicated relationships. Any ideas? I don't even know what to search for.

I've completely deleted and recreated the table and still get the errors.

I'm getting an issue with the row level security where I can't delete the user data even though it checks their user id

It's weird. I was "aliasing" like

my_name:original_name

. When I removed the alias it started working.

Wish I could help @User . I haven't gotten to RLS yet. Good luck!

It actually isn't too complicated atleast with what I'm doing but thats what confuses me

it should work haha

if uid() = userid then all of the others work

its only the delete one that doesnt work

The record for sure matches (userid == uid())?

yep it does because it allows me to insert,update and access with the same exact perms

if I change the id or remove that policy then those features stop working

and my delete function works with row level disabled

Could there be conflicting policies somehow?

From what I can see there are only 4 policys so I don't believe so

I'm digging through documentation though right now to see