Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

For example, let's say I have a table like this:
```
-----------------------------------------------------------
| user_id | first_name | last_name | email_address | role |
-----------------------------------------------------------
```
In an UPDATE operation, how could I allow users to edit _some_ but not all fields for their own record? Obviously it's not good if a customer can make themselves an administrator or change their `user_id`.

you can find more RLS resources at https://www.postgresql.org/docs/current/ddl-rowsecurity.html

however, it's probably not what you're looking for if you want to restrict only certain columns

since as its name suggests, it only applies for rows

instead, to handle updates for certain fields, you can do eitehr of 2 things: 1) triggers to clean input, or 2) rpc

for 1), it'll look something like this:

```
CREATE FUNCTION clean_update()
    RETURNS SETOF trigger
    LANGUAGE 'plpgsql'
AS $BODY$
BEGIN
    NEW.id := OLD.id;
    NEW.role := OLD.role;

    RETURN NEW;
END;
$BODY$;

CREATE TRIGGER clean_update_on_my_table
    BEFORE UPDATE 
    ON public.<MY TABLE>
    FOR EACH ROW
    EXECUTE PROCEDURE public.clean_update();
```

so before any update is made to your table, the id and role will be set to whatever it was previously, ignoring those fields in the incoming request

or, for 2), just create an update function that can be called via `.rpc`, since in that function you can control exactly the fields you want to update

Thanks so much! That's really helpful ☺️