RLS Enabled No Policy
Level: INFO
Rationale
In Postgres, Row Level Security (RLS) policies control access to rows in a table based on the executing user. If a table has RLS enabled, but no policies exist, no data will be selectable via Supabase APIs.
How to Resolve
If a table has RLS enabled with no policies, you can resolve the issue by creating a policy on the table
For example:
1 2 3 |
|
Example
Given the schema:
1 2 3 4 5 6 7 |
|
No data will be selectable from the public.blog table over Supabase APIs.
To resolve the issue, create a policy on public.blog
to grant some level of access
1 2 3 |
|
Note that some users may enable RLS with no policies intentionally to restrict access over APIs. In those cases we recommend making that intent explicit with a rejection policy.
1 2 3 |
|