Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

So for rpc funcs you dont add policies for u rely on the table policies for permissions? 

Like if i dont want a user to have outright create access to table but rather just access to a function with all the logic of tables can create things in and make insert in

The rfc are generally executed with the user id and security context of the user that calls them. But this is different if you set security definer on them. There is an article here which explains this more https://www.cybertec-postgresql.com/en/abusing-security-definer-functions/

Dang. Interesting. Ill have to read that carefully when I think harder on this