Hi all, I'm having issues setting up RLS for the first time. I'm using querying Supabase from a serverless function with Prisma, not via the API key. After enabling RLS I'm still able to access the table without restriction. I also tried adding a policy to the table to restrict everything , i.e.:

CREATE POLICY "Restrict" ON "public"."<mytable>" AS PERMISSIVE FOR ALL TO public USING (false)

, but that didn't yeild any results either. Select statements are still going through just fine. Am I misconfiguring something or is RLS not intended to work when connecting server-side with the connection URI?

Hello @mnaircckel! This thread has been automatically created from your message in #843999948717555735 a few seconds ago. We have already mentioned the @User so that they can see your message and help you as soon as possible! Want to unsubscribe from this thread? Right-click the thread in Discord (or use the ``...`` menu) and select "Leave Thread" to unsubscribe from future updates. Want to change the title? Use the ``/title`` command! We have solved your problem? Click the button below to archive it.

Prisma uses postgres user as I understand it. RLS is bypassed by postgres user.

That's my understanding too. So you can't use the RLS feature at all if you are querying with the postgres user?

Well can't is pretty strong. You could probably modify the role's privileges but you would likely open a whole host of other issues as that user does alot of things. I really don't know that level of detail. But I don't think you want to go there.

When row security is enabled on a table (with ALTER TABLE ... ENABLE ROW LEVEL SECURITY), all normal access to the table for selecting rows or modifying rows must be allowed by a row security policy. (However, the table's owner is typically not subject to row security policies.)