anyone do a write-only RLS policy? I'm trying to m...
# sqlq
quicksnap
09/09/2021, 12:46 AManyone do a write-only RLS policy? I'm trying to make a simple insert only policy and it seem to fail with
Copy code
new row violates row-level security policy for tableb
burggraf
09/09/2021, 1:11 AMI ran into this. It’s because insert update and delete return the record by default and thus need a select policy. The solution is to add the `returning: minimal‘ parameter to your
insert()burggraf
09/09/2021, 1:13 AMburggraf
09/09/2021, 1:14 AM Copy code
By default, every time you run insert(), the client library will make a select to return the full record. This is convenient, but it can also cause problems if your Policies are not configured to allow the select operation. If you are using Row Level Security and you are encountering problems, try setting the returning param to minimal.q
quicksnap
09/09/2021, 1:17 AMahhh ok. I was GOING to try that but seeing "minimal" made me think it would run a "minimal" select query. I figured by default insert would not run a query.
b
burggraf
09/09/2021, 1:21 AMThis comes up so often I’m considering asking the team if maybe we should return minimal by default 🙂
s
soedirgo
09/09/2021, 5:40 AMAgreed with @User , we should change this as part of https://github.com/supabase/supabase-js/issues/170
v
Volkan
09/09/2021, 4:49 PM100% should be in the docs
Volkan
09/09/2021, 4:49 PMspent hours on this 😢
b
burggraf
09/09/2021, 6:44 PMIt’s in the docs but it’s certainly not clear enough. It should be spelled out:
If you’re using RLS then your user needs to have select access to the data if you want to be able to insert, update, or delete unless you use returning: minimal to override the default behavior.m
Miguel
09/10/2021, 10:48 PM@User how do I write this
The solution is to add the returning: minimal‘ parameter to your insert()b
burggraf
09/10/2021, 10:52 PMYou just add an extra parameter to your insert command. For example:
Copy code
const { data, error } = await supabase
.from('tablename')
.insert([
{
name: 'mark',
age: 123
}
],{returning: 'minimal'});m
Miguel
09/10/2021, 10:56 PMHmm, I am trying to do the same but I am using the C# Supabase NuGet Community Package and it's not working...
b
burggraf
09/11/2021, 12:34 AMSorry I’ve never used the C# library- you might want to hit up the maintainers and ask them about this.
m
Miguel
09/11/2021, 7:53 AMSure, thank you @User. I got it working by disabling the RLS altogether for now. Although, will this be a security concern or issue?
b
burggraf
09/11/2021, 1:16 PMYes you shouldn't turn off RLS. Can you just give full read (
selecta
acupofjose
09/15/2021, 11:52 PM@User hey man - saw you were asking for the return feature in the c# code, just added it into the repo for postgrest-csharp and am rolling it into the supabase main lib right now