Supabase
Row Level Security with user meta data does not work (example in docs does not work) #33367
Replies: 4 comments
-
|
The example is using an array of teams I believe. In works on arrays not sure it will work for what you want to do if those are just bigints. I don't know if casting is needed for that case or not as it might know the array type. I've not tested that.
Note also you are using user metadata which is not secure as the user can change their organization at anytime. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @GaryAustin1, unfortunately it does not work, have tried a gazillion things so maybe it is just not possible. Will have to remove RLS from all tables with "update" procedures whereby the condition cannot use auth.uid() or equivalent (which works). I am stuck on this for about a week. Will also move to app_metadata or queried data instead of user_metadata (thanks) |
Beta Was this translation helpful? Give feedback.
-
|
I had a similar issue and was using arrays as a way to add the info into the app_metadata and this is what ended up working for me: |
Beta Was this translation helpful? Give feedback.
-
|
Hi everyone, due to inactivity on this issue I've moved the issue over to discussions/enhancements. |
Beta Was this translation helpful? Give feedback.
-
Bug report
I follow the example as explained here: https://supabase.com/docs/guides/auth/row-level-security. It shows the following example:
I try to use this for my own example, whereby I update the organisation table, and the organisationId is in the user meta data
Both the "id" and "organisationId" are bigints, and I have tried all possible type casts, but nothing works. How can I make this work? Once it works, I will make a request to update the documentation with examples that work.
Thanks
Beta Was this translation helpful? Give feedback.
All reactions