Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

Hey guys, I've been running into a problem with policies and I can't figure it out on my own.

I have a public table called User that has an id uuid column that references auth.uid(), and a role varchar column.

I have another public table called Companies. 

I'm trying to make it so that only User with role = 'staff' can insert on table Companies.

Here's what I come up so far: 

```pgsql
CREATE OR REPLACE FUNCTION get_user_role(uid uuid) RETURNS VARCHAR AS $$ 
DECLARE user_role varchar(255);
BEGIN
  SELECT role INTO user_role FROM public.user WHERE id = uid;
  RETURN user_role;
END;
$$ LANGUAGE plpgsql
```

And here's the policy:
```pgsql
ALTER POLICY "Enable insert staff users only" ON public.company WITH CHECK (get_user_role(uid()) = 'staff');
```

I'm receiving row lever security violation when I'm trying to insert as a staff user.

I fixed it:

The problem is that supabase reads the table before inserting it, and I had no policies for select on the company table. Now it works fine after I added a policy for select!