RLS Policy on Insert #270

inbytesdevteam · 2020-10-31T02:41:14Z

inbytesdevteam
Oct 31, 2020

Hi! I read up on Row Level Security and I'm trying to implement it in our supabase database.

We have a table of subscribers which should allow SELECT access to admin users, and INSERT access to all, even without logging in.

I've already implemented the read access part for admin users, but I'm having trouble with the INSERT part. Here's the policy I added:

CREATE POLICY "Allow all insert access" on subscribers FOR INSERT WITH CHECK (true);

However, when I try to insert a subscriber, this error shows up:

Uncaught (in promise) Error: {"hint":null,"details":null,"code":"42501","message":"new row violates row-level security policy for table \"subscribers\""}

Hope I can ask for help on this! I also checked if the docs already have support for Policies and saw that it is still in the list of issues to do.

Answered by soedirgo

Dec 22, 2020

Hey @inbytesdevteam! Sorry this took so long.

This is now merged in supabase-js, and will be released in the next version. Then you can do:

await supabase.from('subscribers')
    .insert({...}, { returning: 'minimal' })

And likewise for other write-only tables. Ref: supabase/postgrest-js#133

View full answer

steve-chavez · 2020-10-31T07:03:43Z

steve-chavez
Oct 31, 2020
Maintainer

Hey @inbytesdevteam

I think this could be an issue with postgrest-js(which supabase-js uses underlyingly). I've reported it here: supabase/postgrest-js#127.

0 replies

soedirgo · 2020-12-22T16:53:04Z

soedirgo
Dec 22, 2020
Maintainer

Hey @inbytesdevteam! Sorry this took so long.

This is now merged in supabase-js, and will be released in the next version. Then you can do:

await supabase.from('subscribers')
    .insert({...}, { returning: 'minimal' })

And likewise for other write-only tables. Ref: supabase/postgrest-js#133

7 replies

LeoHeuser Nov 27, 2021

Exactly what I need. @soedirgo, do you know how to implement this in Swift?

Thanks and best ✌🏼

soedirgo Nov 30, 2021
Maintainer

I'm not familiar with postgrest-swift, but this just adds an HTTP header (Prefer: return=minimal) so shouldn't be difficult to implement.

LeoHeuser Nov 30, 2021

Thx for the tip. You were right. You can pass it in an array with the client in Swift.

Sometimes but you have to write "prefer" with lower letters. And sometimes it still shows a security violation - seems a bit buggy.

But this helps me a lot. Thx again. ✌🏼

siisee11 Sep 19, 2023

There is no options named returning on insert function.

steve-chavez Sep 19, 2023
Maintainer

@siisee11 Nowadays you do insert().select() to get the result from an insert. select() is not done by default for insert() or other mutations.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Supabase

RLS Policy on Insert #270

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 7 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Supabase

RLS Policy on Insert #270

Uh oh!

inbytesdevteam Oct 31, 2020

Replies: 2 comments · 7 replies

Uh oh!

steve-chavez Oct 31, 2020 Maintainer

Uh oh!

soedirgo Dec 22, 2020 Maintainer

Uh oh!

LeoHeuser Nov 27, 2021

Uh oh!

soedirgo Nov 30, 2021 Maintainer

Uh oh!

LeoHeuser Nov 30, 2021

Uh oh!

siisee11 Sep 19, 2023

Uh oh!

steve-chavez Sep 19, 2023 Maintainer

inbytesdevteam
Oct 31, 2020

Replies: 2 comments 7 replies

steve-chavez
Oct 31, 2020
Maintainer

soedirgo
Dec 22, 2020
Maintainer

soedirgo Nov 30, 2021
Maintainer

steve-chavez Sep 19, 2023
Maintainer