IKF RLS Policy Designer
Objective
Design a secure Supabase schema and RLS policy set that enforces total privacy.
Constraints
- •Only authenticated users can read anything.
- •RLS enabled for all forecast tables.
- •Users can only access rows for their org_id.
- •Admins can ingest/modify; employees read-only.
- •Avoid exposing raw forecast data unnecessarily; prefer views/endpoints returning only needed fields.
Deliverables
- •Proposed tables: profiles, organizations, user_roles, forecast_runs, forecasts (canonical rows).
- •RLS policies per table.
- •Recommended indexes (performance).
- •A step-by-step RLS test plan (what to run as admin vs employee vs anon).