
How to write Row Level Security policies in Supabase?

Learn how to set up and configure Row Level Security in Supabase by creating tables, enabling RLS, and writing policies to protect your data.

Matt Graham, CEO of Rapid Developers


Step 1: Set Up Your Supabase Project

 

Before writing Row Level Security (RLS) policies in Supabase, ensure you have a Supabase project set up. If you don't have one yet, follow these steps:

  1. Go to the Supabase website and sign up or log in.
  2. Click on "New Project" and provide the necessary details such as project name, password, and region.
  3. Once the project is created, you'll have access to the project dashboard.

 

Step 2: Create a New Table

 

To apply RLS policies, you need a table in your database. Let's create an example table:

  1. Navigate to the "Database" section in your Supabase dashboard.
  2. Click on "Tables" in the sidebar, then "New Table".
  3. Name the table orders and add the following columns:
    • id: Integer, Primary Key
    • user_id: UUID (Relationship with the Auth users table)
    • product: Text
    • quantity: Integer
  4. Click "Save" to create the table.

 

Step 3: Enable Row Level Security

 

RLS is not enabled by default, so you need to turn it on for your table.

  1. In the Supabase dashboard, open the "SQL Editor" section.

  2. Execute the following SQL command to enable RLS for the orders table:

    ```sql
    ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
    ```

 

Step 4: Create an RLS Policy

 

With RLS enabled, define policies that specify which rows users can access. Let’s create a policy that allows users to view only their own orders.

  1. Go back to the "SQL Editor".

  2. Add and run a SQL query to create a policy:

    ```sql
    CREATE POLICY "Users can view their own orders"
    ON orders
    FOR SELECT
    USING (auth.uid() = user_id);
    ```

    This policy ensures that users can only see rows where user_id matches their own auth.uid().

 

Step 5: Test Your Policy

 

To confirm that your RLS policy works as expected, test it using the Supabase dashboard or any client application.

  1. Try fetching data from the orders table as a logged-in user.
  2. Ensure the results only include the user's own orders.
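
One way to run this check from the SQL Editor, added here as an example and not part of the original tutorial. The editor executes statements with a privileged role that is not subject to RLS, so the script switches to the `authenticated` role and sets the JWT claims that `auth.uid()` reads. Assumptions: the two UUIDs and the ids 9001/9002 are constructed placeholders, the `id` column accepts explicit values, and the project's `auth.uid()` reads `request.jwt.claims`.

```sql
-- Added example. Runs in one transaction and rolls back, so no rows are kept.
-- Assumption: the two UUIDs below are placeholders; replace them with the ids
-- of two existing users in auth.users, because user_id references that table.
BEGIN;

-- Constructed sample rows, inserted while still running as the editor's role.
INSERT INTO orders (id, user_id, product, quantity) VALUES
  (9001, '00000000-0000-0000-0000-00000000000a', 'keyboard', 1),
  (9002, '00000000-0000-0000-0000-00000000000b', 'monitor', 2);

-- Act as a signed-in user: switch to the role used for logged-in requests
-- and set the JWT claims that auth.uid() reads (user A here).
SET LOCAL ROLE authenticated;
SELECT set_config(
  'request.jwt.claims',
  '{"sub":"00000000-0000-0000-0000-00000000000a","role":"authenticated"}',
  true);

-- Rows visible to user A under the SELECT policy.
SELECT id, user_id, product, quantity FROM orders ORDER BY id;

-- User A tries to change user B's order; RETURNING lists any row it touched.
UPDATE orders SET quantity = 99 WHERE id = 9002 RETURNING id;

-- Clear the claims so auth.uid() is NULL, as for a request without a user.
SELECT set_config('request.jwt.claims', '', true);
SELECT count(*) AS visible_rows FROM orders;

ROLLBACK;
```

The policy is doing its job if the first SELECT lists only rows whose user_id is user A's UUID, the UPDATE returns no rows, and visible_rows is 0.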

 

Step 6: Create Additional Policies as Needed

 

You might need more policies based on your application's requirements. For instance, allowing users to update or delete their orders:

  1. Create a policy for updating records:

    ```sql
    CREATE POLICY "Users can update their own orders"
    ON orders
    FOR UPDATE
    USING (auth.uid() = user_id);
    ```

  2. Create a policy for deleting records:

    ```sql
    CREATE POLICY "Users can delete their own orders"
    ON orders
    FOR DELETE
    USING (auth.uid() = user_id);
    ```

 

Step 7: Review and Maintain Policies

 

Regularly review your RLS policies to ensure they still meet your needs as your application evolves. Adjust or create new policies when necessary. Always test thoroughly after making changes to ensure that your policies function as intended.
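
A review like this can be done with catalog queries, shown here as an added example that is not part of the original tutorial. It uses the standard PostgreSQL catalog `pg_class` and the `pg_policies` view, and assumes the tables live in the `public` schema.

```sql
-- 1. Tables in the public schema and whether RLS is enabled or forced.
--    Tables with rls_enabled = false sort first.
SELECT c.relname             AS table_name,
       c.relrowsecurity      AS rls_enabled,
       c.relforcerowsecurity AS rls_forced
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')   -- ordinary and partitioned tables
ORDER BY c.relrowsecurity, c.relname;

-- 2. Every policy on orders: the command it covers, the roles it applies to,
--    and the USING / WITH CHECK expressions it enforces.
SELECT policyname,
       cmd,
       roles,
       qual       AS using_expr,
       with_check AS with_check_expr
FROM pg_policies
WHERE schemaname = 'public'
  AND tablename = 'orders'
ORDER BY cmd, policyname;

-- 3. Commands on orders that no policy covers.
SELECT op.cmd AS command_without_policy
FROM (VALUES ('SELECT'), ('INSERT'), ('UPDATE'), ('DELETE')) AS op(cmd)
WHERE NOT EXISTS (
  SELECT 1
  FROM pg_policies p
  WHERE p.schemaname = 'public'
    AND p.tablename = 'orders'
    AND p.cmd IN (op.cmd, 'ALL')
);
```

With only the three policies from this tutorial in place, the third query lists INSERT. Once RLS is enabled, a command with no policy is denied for roles subject to RLS, so inserts by signed-in users need their own policy.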

 

Congratulations, you've set up Row Level Security policies in Supabase! This setup ensures that users can only see and modify data they are authorized to access, enhancing your application's security.
