This is more of a "what the hell is happening" kin...
# off-topic
y
This is more of a "what the hell is happening" kind of question, but when you create a new schema, add it via the dashboard and create a client to open a connection to that schema only, if you use the service role key do you have to grant usage and privileges to the appropriate role yourself? It seems like it, because I had to do this myself because supabase would keep sending 403 responses for every request I made. I tried this with the anonymous key too. What exactly does adding a schema via the dashboard do? This isn't enough explanation imo:
The schema to expose in your API. Tables, views and stored procedures in this schema will get API endpoints. public and storage are protected by default.
The bits in the blog post and the couple sentences in the docs don't do enough either imo. What does it mean by "protected by default"? Does it have something to do with grants?
j
glad someone brought this up, i'd just been looking at the settings and I agree it's a bit ambiguous. "protected by default" it basically meant that public and storage cannot be removed from the list of schemas on the API. we should reword this really. A lot of settings on this page could do with more educational explanations for things, with links to external docs when necessary to explain in more detail.
You might be getting 403 because RLS is required to read/write to that table. I'm assuming that the service_role key with supabase-js would override everything though and it can read/write from any schema (as long as it's added to the list of available schema in the API settings page). Might need someone else from the team to verify the above, i might be wrong.
g
@User So the API setting just selects from existing schemas. In this case they are creating a new schema. That schema has to be set up with proper privileges with grants (unless I missed some create schema part of the UI). So after you use SQL editor to create a new schema, you have to then set its grants properly.
For example:
```sql
CREATE SCHEMA IF NOT EXISTS storage AUTHORIZATION supabase_admin;
grant usage on schema storage to postgres, anon, authenticated, service_role;
alter default privileges in schema storage grant all on tables to postgres, anon, authenticated, service_role;
```
is how SB sets up the storage schema....
Sorry if I misunderstood the question and hijacked the thread... AND NOW I SEE original question is from 11/21...