Row-Level Security (RLS)

Row-Level Security (RLS) is a Postgres feature introduced in 9.5 that attaches policies to a table. Each policy is a SQL expression returning boolean. Postgres evaluates the policy on every SELECT, INSERT, UPDATE, or DELETE; rows that fail are invisible to the caller.

On Supabase, RLS is the primary authorization layer. PostgREST forwards the caller's JWT claims into Postgres GUCs (request.jwt.claims); policies read those claims via helpers like auth.uid(). The database itself decides what the user can see and do.

Two switches enable RLS per table: ALTER TABLE ... ENABLE ROW LEVEL SECURITY and at least one CREATE POLICY. Without policies, RLS denies everything - default-deny is the safe behaviour but a common cause of "my reads stopped working".
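The two switches in sequence, as an added example that is not from the original page or from Supabase. The table notes, the role app_user and the helper app_uid() are hypothetical; app_uid() stands in for auth.uid() by reading the request.jwt.claims GUC directly, so the script runs on plain Postgres. It assumes a scratch database and a superuser psql session.

```sql
-- Constructed demo for a scratch database, run as a superuser in psql.
-- notes, app_user and app_uid() are hypothetical names, not Supabase objects.
BEGIN;

CREATE ROLE app_user NOLOGIN;
CREATE TABLE notes (
    id       bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    owner_id uuid NOT NULL,
    body     text NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON notes TO app_user;

-- Stand-in for auth.uid(): take "sub" from the request.jwt.claims GUC.
CREATE FUNCTION app_uid() RETURNS uuid LANGUAGE sql STABLE AS $$
    SELECT (NULLIF(current_setting('request.jwt.claims', true), '')::jsonb ->> 'sub')::uuid
$$;

INSERT INTO notes (owner_id, body) VALUES
    ('11111111-1111-1111-1111-111111111111', 'alice note'),
    ('22222222-2222-2222-2222-222222222222', 'bob note');

-- Simulate the claims PostgREST would forward (constructed subject id).
SELECT set_config('request.jwt.claims', '{"sub":"11111111-1111-1111-1111-111111111111"}', true);

-- Switch 1 only: RLS enabled, no policy yet, so app_user matches no rows (default-deny).
ALTER TABLE notes ENABLE ROW LEVEL SECURITY;
-- Superusers always bypass RLS, and the table owner does unless FORCE ROW LEVEL SECURITY is set.
SET LOCAL ROLE app_user;
SELECT count(*) AS visible_without_policy FROM notes;
RESET ROLE;

-- Switch 2: a policy. USING filters rows that are read or targeted; WITH CHECK validates rows written.
CREATE POLICY notes_owner ON notes
    FOR ALL TO app_user
    USING (owner_id = app_uid())
    WITH CHECK (owner_id = app_uid());

SET LOCAL ROLE app_user;
SELECT body FROM notes AS visible_with_policy;
-- Writing a row for a different owner_id violates WITH CHECK and raises an error.
INSERT INTO notes (owner_id, body) VALUES ('22222222-2222-2222-2222-222222222222', 'forged');

ROLLBACK;
```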
