Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

hey all, I was wondering what's the best way to restrict update permissions to only some columns in a table? I've run a `GRANT` command in a SQL editor, following the suggestions here https://github.com/supabase/supabase/discussions/346 but then there's no way that I can see to review the saved permissions. What happens if I rename a column for instance?

Hello <@158239952566484993>!
This thread has been automatically created from your message in <#843999948717555735> a ``few seconds ago``.

Pinging <@&951828363943759883> so that they see this as well!

**Want to unsubscribe from this thread?**
Right-click the thread in Discord (or use the ... menu) and select **Leave Thread** to unsubscribe from future updates.

**Want to change the title?**
Use the `/title` command!

**We have solved your problem?**
Click the button below to archive it.

You might be better off protecting columns with a before update trigger.  Basically set new.col = old.col and the column is protected from update.  You can also add in what ever security if statements you need like to allow specific users or roles to do the updates.  You mention one issue with grants and another is they are only on Postgres roles and not jwt auth roles.
https://dba.stackexchange.com/questions/74517/how-to-create-a-postgres-trigger-to-ensure-field-is-non-updateable

Thread was archived by <@158239952566484993>. Anyone can send a message to unarchive it.