Logged in user not access to RLS with authenticate...
# help-and-questions
v
So I want to let all logged users insert into myTable, I would think the following would work, but I get RLS error.
Copy code
CREATE POLICY "logged in users can insert into myTable"
    ON public.myTable FOR INSERT to authenticated
    with check (
      true
    );
Error new row violates row-level security policy for table "myTable Postgres Username authenticator Also is there an easy overview of all the different roles/ postgres usernames used, when they are used and for what? I fail too find one, would be nice with a cheatsheet.
g
If you have select at end of insert you also need select policy. The only two roles that matter are authenticated and anon. If you put anon where authenticated is and it works then you are not really signed in which is a good thing to check because that happens to people alot.
v
I have tested with just anon and it failed, but somehow it also failed with this. so perhaps its my check
Copy code
CREATE POLICY "logged in users can insert into myTable"
    ON public.myTable FOR INSERT
    with check (
      true
    );
g
myTable will not work. You really should not use capital letters. You need public."myTable"
v
yeh sorry about that, the table is not named myTable, and I use snake case.
so it would be more correct of me to write public.my_table
g
Ah
Do you have a select policy?
v
yes, but the user is able to see previosly created rows in an overview page, so I think my select policy is working fine.
Or wait a minute, that page is using a view
so perhaps its bypassing the rls
g
by default views bypass RLS
v
yeh, my select policy is flawed
Do the user need to be able to select to be able to insert/update/delete?
If so that is so that explains why a delete policy which I thought was lacking actually worked as I intended. The delete policy didnt cower all clauses, but the clauses it didnt cower was cowered by the select policy
g
if you do .insert.select() you need select.
The docs tell you what policies you need for each operation.

https://cdn.discordapp.com/attachments/1111643077917028352/1111652191946670170/image.png

v
Sorry for the poor formatting
Copy code
ts
const { data, error } = await supabase.from('my_table').insert({    start_at: start,        end_at: end
});
I cant see a typed out select, but it does return data
so perhaps a .insert.select() under the hood?
Thanks for the help, was good to brush up on RLS again.
g
should not be unless you are on ..... V1 of supabase-js