Hey everyone, I'm the worst at SQL and I'm trying to create a RLS policy as follows: Plan ---- id, isPublic, ... PlansOnUsers ---- planId, userId Grant access to Plans only when plan isPublic = true or when user is accessing a plan with their own userId, does that make any sense? Is it possible?

Hello @Jenaro Calvino! This thread has been automatically created from your message in #843999948717555735 a few seconds ago. We have already mentioned the @User so that they can see your message and help you as soon as possible! Want to unsubscribe from this thread? Right-click the thread in Discord (or use the ``...`` menu) and select "Leave Thread" to unsubscribe from future updates. Want to change the title? Use the ``/title`` command! We have solved your problem? Click the button below to archive it.

Not tested, but probably something like (mainly copied from : https://supabase.com/docs/guides/auth/row-level-security#policies-with-joins)

select using (
    is_public = true OR auth.uid() in (
      select user_id from plans_on_users
      where plan_id = id
    )
)

If you are really using capital letters then all the names in double quotes like "isPublic". Unless you are being forced to by something like Prisma, it is a bad idea to use caps in Postgres.

Thanks! I'll try this out, yeah exactly, all the caps are because of prisma 😓

id is from your Plan table which your RLS is on correct? If you have id in PlansOnUsers then might have to do "Plan".id or some such when caps are involved...

Yeah it worked! I just didn't realize you could access the fields of the row in the where clause like that