https://supabase.com/ logo
Join Discord
Powered by
RLS insert trouble
# help
n
RLS insert trouble
Hey everyone, I'm having a heck of a time getting RLS inserts/upserts to work.
Here's my policy:
Copy code
sql
 CREATE POLICY "Enable insert for authenticated users only" ON public.profiles FOR INSERT WITH CHECK (true);
If I disable RLS, inserts work fine. As soon as I enable it, I get 
new row violates row-level security policy for table "profiles"
back from the server
For reference, here's the code that works with RLS disabled:
Copy code
typescript
supabase
    .from<Profile_AtRest>('profiles')
    .insert(profile)
    .then(({ data, error }) => {
      if (error) {
        console.error(error)
      }
      console.log(`Profile save finished`, { data, error })
    })
g
You also need select RLS for inserts/updates as supabase adds a select to return id info.
Your update RLS policy will also need a USING policy with or without the WITH CHECK
n
> You also need select RLS for inserts/updates as supabase adds a select to return id info. Thanks! Can you clarify what this means? How would I do this?
g
https://supabase.com/docs/guides/auth/row-level-security has samples but you need one for SELECT and one for UPDATE which allow user access like you did for insert.
n
@User Thanks, do you mean the insert will fail because there is no 
select
rule?
g
YES, from docs: By default, every time you run insert(), the client library will make a select to return the full record. This is convenient, but it can also cause problems if your Policies are not configured to allow the select operation. If you are using Row Level Security and you are encountering problems, try setting the returning param to minimal.
n
I see it now, thank you so much! Would it be okay if I suggested an edit to https://supabase.com/docs/learn/auth-deep-dive/auth-row-level-security#securing-your-tables as well?
PreviousNext
Powered by