I made a small free repo for testing a basic Supabase RLS pattern.
The idea is simple: frontend auth checks are not enough. If the browser can ask Supabase for every row, Postgres RLS should be the thing that says no.
The repo includes:
- a `todos` table
- `auth.uid()` ownership policies
- insert/update/delete protections
- anonymous access test
- basic pgTAP RLS test
Repo:
https://github.com/farhan86/supabase-rls-patterns-lite
Would appreciate feedback, especially from people building team/workspace apps with Supabase.
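
The pattern the post lists (ownership policies on `todos`, an anonymous check and a pgTAP test), as an added example that is not taken from the linked repo. The column names, policy names, user ids and emails are assumptions, and it assumes a Supabase database with pgTAP installed and Supabase's default table grants.

```sql
-- Migration (assumed schema, not the repo's): one owner column, one policy per command.
create table public.todos (
  id      bigint generated always as identity primary key,
  user_id uuid not null references auth.users (id) on delete cascade,
  title   text not null,
  done    boolean not null default false
);
alter table public.todos enable row level security;
create policy todos_select_own on public.todos for select to authenticated
  using ((select auth.uid()) = user_id);
create policy todos_insert_own on public.todos for insert to authenticated
  with check ((select auth.uid()) = user_id);
create policy todos_update_own on public.todos for update to authenticated
  using ((select auth.uid()) = user_id) with check ((select auth.uid()) = user_id);
create policy todos_delete_own on public.todos for delete to authenticated
  using ((select auth.uid()) = user_id);

-- pgTAP test file; the two users below are constructed test data.
begin;
select plan(4);
insert into auth.users (id, email) values
  ('11111111-1111-1111-1111-111111111111', 'alice@example.test'),
  ('22222222-2222-2222-2222-222222222222', 'bob@example.test');
insert into public.todos (user_id, title) values
  ('11111111-1111-1111-1111-111111111111', 'alice todo'),
  ('22222222-2222-2222-2222-222222222222', 'bob todo');

-- No JWT: no policy targets anon, so the query returns nothing.
set local role anon;
select is_empty('select id from public.todos', 'anon sees no rows');

-- Alice's session: auth.uid() reads the sub claim from this setting.
set local role authenticated;
set local request.jwt.claim.sub = '11111111-1111-1111-1111-111111111111';
select results_eq('select title from public.todos', array['alice todo'],
  'alice sees only her own row');
select throws_ok(
  $$insert into public.todos (user_id, title)
    values ('22222222-2222-2222-2222-222222222222', 'forged')$$,
  '42501', 'new row violates row-level security policy for table "todos"',
  'alice cannot insert a row owned by bob');

-- UPDATE/DELETE on rows hidden by USING affect zero rows and raise no error,
-- so run them as Alice, then check Bob's row as the table owner.
update public.todos set done = true where title = 'bob todo';
delete from public.todos where title = 'bob todo';
reset role;
select results_eq($$select done from public.todos where title = 'bob todo'$$,
  array[false], 'bob row is unchanged and still present');
select * from finish();
rollback;
```

A blocked insert raises error 42501, while a blocked update or delete simply matches no rows, which is why the last assertion inspects the row afterwards instead of expecting an exception.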
Quirky-Cicada-7942 shared a GitHub repository designed to help test basic Supabase Row Level Security (RLS) policies. The repo includes a 'todos' table, ownership policies, and protections for insert/update/delete actions. The user seeks feedback from those building team or workspace apps with Supabase.
I genuinely don’t understand what is so complex or scary about RLS policies that is causing 10 new RLS inspection tools to be posted here weekly, 90% just being AI slop.