6

I'm trying to insert a row in my table which has RLS enabled and the Enable insert for authenticated users only policy added. Unfortunately, I cannot insert even though I'm correctly login.

Steps to reproduce:

  1. Create submissions table
create table submission (
  stuff text
);
  1. Enable RLS
alter table submissions
  enable row level security
  1. Add Policy
CREATE POLICY "Enable insert for authenticated users only" ON public.submissions FOR INSERT WITH CHECK (auth.role() = 'authenticated');

  1. On client, I log in using magic links (the object is correctly added in localstorage so I know I'm log in)

  2. I try to insert

const { data, error } = await supabase
 .from("submissions")
 .insert({ stuff: 'hello' });

The Authorization Bearer <Jwt> is present in http call.

  1. But I got error
{
  "hint":null,
  "message":"new row violates row-level security policy for table \"submissions\"",
  "code":"42501",
  "details":null
}

What am I doing wrong here?

Improve this question

2 Answers 2

Reset to default
10

I found what was wrong.

The thing is, the default behaviour of supabase.insert returns the row we just inserted, in other words it selects it (reads it) from the table. As I didn't added a Policy to read the table, it failed.

So two solutions:

  1. Add a new Policy to be able to SELECT from that table
  2. Add { returning: "minimal" } to the supabase.insert so it does not send the row back
Improve this answer
1

Yep -- I ran into the same thing the first time I tried to add a RLS policy that only allowed INSERT and not SELECT (for letting users log info to a table.)

We've discussed making { returning: "minimal" } the default for insert, update, and delete, but I don't think that will happen.

It's just something to be aware of (and it is in the documentation, but easy to miss.)

Improve this answer
4
  • Thanks @Mark! Maybe if you could check other issue of mine as well, that would be fantastic: github.com/supabase/supabase/discussions/3524 :)
    – KevinTale
    Oct 14, 2021 at 15:16
  • 1
    Done! And I'm happy to help.
    – Mark Burggraf
    Oct 14, 2021 at 15:39
  • Awesome! Thanks @Mark, that will be helpful. If you'll have some spare time, I would be happy to jump on a quick call (google meet or something, it should last 20min or so :)) with you to talk about the (definitly improvable) design structure I've set up for my voting system. If you do have some spare time, let me know and I'll send you an email :) Many thanks!
    – KevinTale
    Oct 14, 2021 at 15:44
  • The best thing to do is to join our Discord channel and hit me up (or one of the other developers). You can reach me there as @burggraf.
    – Mark Burggraf
    Oct 14, 2021 at 18:24

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.