Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

I need help creating a row level security policy. I want to protect my `products` table. The `products` table has a `supplier_id` field that references the `suppliers` table. The `suppliers` table has a `user_id` field that references the user.  The RLS policy fo the suppliers table is very simple: `(uid() = user_id)`. But I struggle to create the more complex policy required to protect the `products` based on that relationship.

if you already have a policy on `suppliers`, then i think the `products` policy only needs to be `(supplier_id IN (SELECT id FROM suppliers))`

if not, then the slightly longer `(supplier_id IN (SELECT s.id FROM suppliers s WHERE s.user_id = uid()))` should work

Hi Jason, thanks a lot for the reply. It seems that this works ___sometimes___ which drives me a bit insane.

Turns out both work. There were some strange things happening with what supabase thought the authenticated user was. Setting it explicitly with `supabase.auth.setAuth(cookies.access_token)` solved the problem