I have an issue opened for this bug in the real-time repo if you want to add your findings! https://github.com/supabase/realtime/issues/213

any example for a multi tenant (sass design) using supabase and dynamic schemas? Maybe using different tenants for db for custom table, idk

from what I saw from ur code, you are missing "auth", instead "uid()" you have to call "auth.uid()"

is_member_of_list(auth.uid(), list_id)

adding RLS through the Supabase UI drops the "auth.", I think "auth" is in the path

this isn't possible because the defaults policies have access to auth.uid() , auth.email() and auth.role() functions, and all them are custom function created on auth schema

so... the RLS have access to the functions, the only difference I have find atm is the location, the supabase default SQL functions are under auth schema, the one we are trying to use on RLS is in public schema

I made an issue ticket about RLS with Custom SQL functions https://github.com/supabase/supabase/issues/4683 @User let's see if someone can help us

@User I have some news, I did more test, so... I discover that: if the SQL function is declared with the option SECURITY DEFINER, then the function is triggered by RLS but not from standard queries: this explain why the standard queries work and realtime stop to work if the SQL function is declared without the option SECURITY DEFINER, then the function is triggered at every query (standard queries too) and then I got the error: max_stack_depth error in postgresql so.... if my think are right, when the function is defined with SECURITY DEFINER and the realtime is triggered, he go in error max_stack_depth, but is internal then we not see any kind of result... the fast solution is increase the max_stack_depth but I will not like do it, I think we need work to optimize the query inside the function to avoid many recursive checks

anyway is strange because my function is a simple select:

SELECT EXISTS (
  SELECT 1
  FROM channel_users cu
  WHERE cu.channel_id::int8 = _channel_id::int8
  AND cu.user_mail::text = _user_email::text
);

and I get immediatly the error max_stack_depth from a simple select query:

const lastChannelMessageRead = await this.supabase.from('channel_users').select('channel_id,last_message_read').eq('user_mail',this.data.user_loged.user.email)

Are you selecting from the table your RLS rule is protecting?

yes

damn, Im an idiot lol

well, that's why you need SECURITY DEFINER 🙂

if the the table is the one protected he will not be able to select all, and will die in recursive depth to determinate the rows lmao

yes but if I set Security Definer the regular queries will work but the realtime will die always

so... this is the mistery xD

with the SECURITY DEFINER all work... I retrieve the data, I subscribe to the realtime task ect, but at the moment to execute an action would trigger the realtime, this will be never emitting

to explain, I have an table: channel_users this table is a link between chat channels and users profiles, in this table is present an column: "isTyping" and the table is enabled for the realtime. when an user is typing I go to update the boolean to True on column isTyping, this trigger the UPDATE event on realtime, if I set the RLS policy to "true" I get the payload from realtime subscription, if I set my function to the policy, I will not get the payload

but the rest will work lmao

any idea?

Hello, I'm having trouble creating this RLS policy, and was curious if someone could give me some pointers. I have a

public.identities

table with staff

(boolean)

& uid

(auth.user foreign key)

columns. Essentially, I want to check if that identity has the staff boolean value to true before being able to edit this table. I've tried these two, although they both seem to produce errors near the beginning of the expression: EDIT: The following seemed to work, although I'm not sure if it's the best way of doing it

sql
exists (
  select staff from public.identities
  where public.identities.uid = auth.uid()
  and public.identities.staff = true
)

i need some help debugging row level security... I have a policy auth.user_id() = user_id, however, it's not passing. Is there any way to see what JWT is getting sent up? can't figure out where its not working

I don't think there is auth.user_id() function...did you mean auth.uid()?

i was following some tutorial.. it had me create auth.user_id()

will auth.uid() pull off the userId claim of the jwt sent w/ the request?

yes

This is what im trying to follow. https://auth0.com/blog/using-nextjs-and-auth0-with-supabase/#Supabase

seems like it expects auth.uid() to be a UUID whereas mines set as text

Currently that field is basically the

where

portion of a sql statement. Soon it will allow you to pass full sql to query your logs with. Iterating through that whole UI more at the moment.

@User https://github.com/supabase/supabase/issues/4683#issuecomment-1001708800