I'm starting with supabase and I want to implement in my app the ability to SELECT, INSERT, UPDATE and DELETE only for admin users. At the moment I can only create users with the "authenticated" role, is there a way to change this to admin role? Thanks.
Asked
Active
Viewed 1,628 times
2 Answers
0
You can use RLS to restrict access to certain users. See an example here: https://github.com/supabase/supabase/discussions/1138#discussioncomment-604345
thorwebdev
- 818
- 4
- 9
0
You can use RLS for this if you want custom roles. The way I used is documented on GitHub: https://github.com/supabase-community/supabase-custom-claims
If you implemented it this way you can create a policy like the code below:
CREATE POLICY "Insert only when the role is assigned" ON "public"."yourtable"
AS PERMISSIVE FOR INSERT
TO authenticated
WITH CHECK ((get_my_claim('userrole'::text) = '"ADMIN"'::jsonb))
This policy will check if the role ADMIN exists and returns true. If it is true then you will be able to insert it into the table.
NOTE:
If you have applied the role and want to test it in a application then you need to log out and back in to have the auth object be updated with the newly applied role.
Inb4cookies
- 165
- 2
- 9