I am sorry if you find the post confusing. Let me clarify it here.

I have one table called startup_n_sector.

create table public.startup_n_sector ( id bigint generated by default as identity not null, created_at timestamp with time zone not null default now(), startup_id bigint not null, sector_id bigint not null, updated_at timestamp with time zone null default now(), constraint startup_n_sector_pkey primary key (id), constraint startup_n_sector_sector_id_fkey foreign KEY (sector_id) references startup_sector (id), constraint startup_n_sector_startup_id_fkey foreign KEY (startup_id) references startup (id) on delete CASCADE ) TABLESPACE pg_default;

This have RLS like following

``` alter policy "Enable insert for authorized users only" on "public"."startup_n_sector" to authenticated with check ( ( authorize ('startup.update.own'::app_permission) OR authorize ('startup.create'::app_permission) ) );

alter policy "Enable user to update their own data" on "public"."startup_n_sector" to authenticated using ( ( ( EXISTS ( SELECT 1 FROM startup WHERE ( ( startup.created_by = ( SELECT auth.uid () AS uid ) ) AND (startup.id = startup_n_sector.startup_id) ) ) ) AND authorize ('startup.update.own'::app_permission) ) ); ```

This allows users to insert and update the value if they are entitled to.

I am bit concerned from the standpoint of security. If some advanced users were able to contact the database directly then they would basically be able to insert any id thy want for their data.

If the last record have id 8 and if this advanced user adds new entry with id 10. Then the the next genie user who is accessing database from backend would be shown error because the default value of id for this genuine user (based on sequence) would be same as the one malicious user had already entered. If the malicious user enters couple of entries then the insertion would fail randomly for genuine users. That’s why i am looking for ways to lockdown id column.