It's probably best to explain what you are trying to accomplish here, the docs outline ways of handling some of this stuff too so it might be worth reading through it a bit.

Yep, as @User says, best to try and explain what outcome you want and someone in here will be able to give some advice on a good policy set up to use. You can make a public table private to everyone, turn on Row Level Security and have no policies. supabase-js (with the anon key) won't be able to do anything with that table then. but, you miss out on all the magic of supabase auth policies then 😦 and you'll end up having a backend doing the work for you when you could be fetching/writing to a table directly from the client. i'm guessing the use case you actually want is that a user (tim@apple.com) could read their info from public.private-profiles, but nobody else can have access?e