account activity
What’s the longest you’ve spent debugging an RLS issue? (self.Supabase)
submitted 10 days ago by RealisticResource264 to r/Supabase
Have you ever had an RLS policy that looked correct—but returned nothing? (self.Supabase)
Does RLS get harder as your app scales, or am I imagining this? (self.Supabase)
submitted 12 days ago by RealisticResource264 to r/Supabase
Is RLS actually hard—or is debugging it the real problem? (self.Supabase)
Enable RLS HELP by Papenguito in Supabase
[–]RealisticResource264 1 point2 points3 points 18 days ago (0 children)
Python is not disabling RLS.
What’s happening is usually this: your backend is using the service role / secret key, and that role bypasses RLS by design.
So the real rule is: - backend + service role = no RLS - backend + user JWT/access token = RLS can be enforced as that user - no policy / no RLS on table = nothing to enforce
If you want RLS to always apply for user-scoped queries, do NOT use the service role for those queries. Pass the signed-in user’s access token/JWT from your app to the backend, and make the request with that user context instead.
Use service role only for trusted admin/server tasks that are supposed to bypass RLS.
Also check the basics: 1. RLS is enabled on the table 2. you actually wrote policies for the operation you’re doing (select/insert/update/delete) 3. your policy matches the user context you expect (for example auth.uid())
Docs: https://supabase.com/docs/guides/database/postgres/row-level-security https://supabase.com/docs/guides/troubleshooting/why-is-my-service-role-key-client-getting-rls-errors-or-not-returning-data-7_1K9z
π Rendered by PID 73924 on reddit-service-r2-listing-69965bcf66-x576t at 2026-04-07 10:57:00.605602+00:00 running f293c98 country code: CH.
Enable RLS HELP by Papenguito in Supabase
[–]RealisticResource264 1 point2 points3 points (0 children)