RLS Setup Skill
Configure comprehensive Row Level Security policies for Supabase tables.
Purpose
Implement secure, performant RLS policies that control data access at the database level.
When to Use
- User needs to secure table data
- Requests permission-based access
- Mentions RLS, security, or access control
- Asks about user data isolation
- Needs role-based access control
Instructions
- Analyze Access Requirements
  - Who can read data?
  - Who can create/update/delete?
  - Any special permission rules?
  - Multi-tenant considerations?
- Enable RLS

  ```sql
  ALTER TABLE table_name ENABLE ROW LEVEL SECURITY;
  ```
- Create Policies
  - One policy per operation type (SELECT, INSERT, UPDATE, DELETE)
  - Use descriptive policy names
  - Wrap auth functions in SELECT for performance
  - Consider restrictive policies for additional security
- Test Policies
  - Test as different users
  - Verify expected access
  - Check performance impact
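One way to carry out the "Test Policies" step for an owner-based policy, as an added example that is not part of the original skill. The `public.notes` table, the second policy name and both UUIDs are constructed for illustration; it assumes a Supabase database where the session role can `SET ROLE authenticated` and where `auth.uid()` reads the `sub` claim from the `request.jwt.claims` setting.

```sql
-- Added example: run as a privileged role; everything is rolled back at the end.
BEGIN;

-- Constructed table for illustration only.
CREATE TABLE public.notes (
  user_id uuid NOT NULL,
  body    text NOT NULL
);
ALTER TABLE public.notes ENABLE ROW LEVEL SECURITY;
GRANT SELECT, INSERT ON public.notes TO authenticated;

CREATE POLICY "Users can view own records" ON public.notes
  FOR SELECT TO authenticated USING ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can insert own records" ON public.notes
  FOR INSERT TO authenticated WITH CHECK ((SELECT auth.uid()) = user_id);

-- Seed as the table owner (owners bypass RLS unless FORCE ROW LEVEL SECURITY is set).
INSERT INTO public.notes (user_id, body) VALUES
  ('11111111-1111-1111-1111-111111111111', 'alice note'),
  ('22222222-2222-2222-2222-222222222222', 'bob note');

-- Test as a different user: switch role and supply constructed JWT claims.
SET LOCAL ROLE authenticated;
SELECT set_config('request.jwt.claims',
  '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}', true);

DO $$
BEGIN
  -- Expected access: exactly one visible row, and it belongs to the caller.
  IF (SELECT count(*) FROM public.notes) <> 1
     OR EXISTS (SELECT 1 FROM public.notes WHERE user_id <> auth.uid()) THEN
    RAISE EXCEPTION 'SELECT policy leaked rows from another user';
  END IF;
  -- Denied access: a row owned by someone else must fail the WITH CHECK clause.
  BEGIN
    INSERT INTO public.notes (user_id, body)
    VALUES ('22222222-2222-2222-2222-222222222222', 'forged');
    RAISE EXCEPTION 'INSERT policy accepted a row for another user';
  EXCEPTION WHEN insufficient_privilege THEN
    NULL;  -- RLS violation (SQLSTATE 42501) is the expected outcome
  END;
END $$;

-- Performance check: look for an InitPlan node, meaning the wrapped
-- (SELECT auth.uid()) was evaluated once rather than per row.
EXPLAIN (ANALYZE, COSTS OFF) SELECT * FROM public.notes;

ROLLBACK;
```

If either check fails, the `DO` block raises and the transaction aborts, so a clean run through to `ROLLBACK` means both policies behaved as intended.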
Common Policy Patterns
User Owns Record
```sql
CREATE POLICY "Users can view own records"
ON table_name FOR SELECT
USING ((SELECT auth.uid()) = user_id);
```
Public Read, Authenticated Write
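```sql
-- Anyone, including anonymous users, can read every row.
CREATE POLICY "Public read access"
ON table_name FOR SELECT
USING (true);

-- Only signed-in users can insert; the auth call is wrapped in SELECT
-- so it is evaluated once per statement instead of once per row.
CREATE POLICY "Authenticated users can insert"
ON table_name FOR INSERT
WITH CHECK ((SELECT auth.role()) = 'authenticated');
```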
Multi-tenant Isolation
```sql
CREATE POLICY "Users see only their tenant data"
ON table_name FOR ALL
USING (
  tenant_id = (SELECT auth.jwt()->>'tenant_id')::UUID
);
```
Restrictive MFA Policy
```sql
CREATE POLICY "Require MFA for updates"
ON sensitive_table FOR UPDATE
AS RESTRICTIVE
TO authenticated
USING ((SELECT auth.jwt()->>'aal') = 'aal2');
```
Output Format
- Complete RLS policy SQL
- Explanation of each policy
- Testing instructions
- Performance optimization notes