Implement Authorization using Row Level Security (RLS) with Supabase (Step By Step Guide)

  • Published: Sep 2, 2021
  • In this video, Jon Meyers explains how Row Level Security (RLS) works, why you should enable it and how to enable RLS / Row Level Policies in Supabase.
    ▶ Read more HERE: supabase.com/docs/guides/auth...
    Jon steps through implementing some common policies using the Supabase Dashboard and demonstrates how rules across multiple tables can work together to restrict access.
    PostgreSQL provides a simple syntax for RLS, allowing access rules to be declared in the Database itself. This can make queries more efficient as the client can query the Database directly, without the need for a middleware API.
    Additionally, RLS can help to protect the Database against poorly written API code that could potentially leak or compromise sensitive data.
    ▶ Read more about RLS and Auth HERE: supabase.com/docs/guides/auth...
    Jon from Supabase is back, helping you understand the power and benefits of Row Level Security (RLS) in PostgreSQL, and how easy it actually is to implement in your apps. RLS might sound difficult to implement or something that you can't do yourself, but with Supabase's new AI tools, it's simpler and more accessible than ever - ANYONE can do it.
    What you'll learn in the RLS Supabase tutorial video:
    ✅ Understanding RLS: Discover what RLS is and how it serves as a robust method to implement authorization directly in your PostgreSQL database.
    ✅ Learn the differences between queries NOT using RLS and the benefits of RLS (Row Level Security Policies) and why you REALLY need to start using them!
    ✅ How to Activate RLS in Supabase SAFELY: Learn how to activate RLS through the Supabase dashboard or by using SQL commands within the Supabase SQL editor, so your tables are securely managed.
    ✅ Creating and Testing RLS Policies: Step-by-step guidance on writing policies that control who can see, edit, or delete data, demonstrated with practical examples such as managing the visibility of blog posts and comments.
    ✅ Testing RLS for Specific Users: Find out how to test these policies you’ve set up to see how they behave for different user roles, making sure your application's security is dynamic depending on your policy.
    By the end of this tutorial, you'll know how to set up RLS policies for your projects in Supabase, ensuring that your database only reveals what it should to the right users.
    We hope this helped you master your database security. Start using RLS with Supabase today!
    Chapters:
    0:07 What you’ll learn
    0:22 Architecture Without Row Level Security (RLS) - Client, API, PostgreSQL
    0:53 Architecture With Row Level Security (RLS) benefits
    1:37 How to implement Row Level Security policies in Supabase
    2:22 Application using the database
    3:20 Use and Enable Row Level Policy
    4:52 How to add a new policy
    6:31 How to review final RLS policy and show equivalent SQL statement
    7:56 Create a new policy so that everyone can see published post
    12:56 Create rule/policy for insert
    14:30 Create a policy for deleting comments
    16:09 Check logged-in user is the user who created the post
    ABOUT SUPABASE:
    Supabase is the open source Firebase alternative. Supabase provides a full Postgres database for every project with pgvector, backups, realtime, and more. Add and manage email and password, passwordless, OAuth, and mobile logins to your project through a suite of identity providers and APIs.
    Build in a weekend, scale to millions.
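
The policies named in the chapter list, written out as SQL for the Supabase SQL editor. This is an added example, not the code shown in the video: the `post` and `comment` tables and their columns are assumed, and the delete rule is one reading of the last two chapters. `auth.uid()` is Supabase's helper that returns the user id from the JWT sent with the request, which is how the database learns who is calling.

```sql
-- Assumed schema (table and column names are illustrative, not from the video).
create table post (
  id           bigint generated always as identity primary key,
  user_id      uuid not null references auth.users (id),
  title        text not null,
  is_published boolean not null default false
);

create table comment (
  id      bigint generated always as identity primary key,
  post_id bigint not null references post (id) on delete cascade,
  user_id uuid not null references auth.users (id),
  content text not null
);

-- With RLS on and no policy yet, non-owner roles see and change no rows.
alter table post    enable row level security;
alter table comment enable row level security;

-- Everyone can read published posts.
create policy "published posts are public" on post
  for select using (is_published);

-- Authors also see their own drafts (policies for one command are OR-ed).
create policy "authors read own posts" on post
  for select using (auth.uid() = user_id);

-- A comment is visible only if its post is: the subquery on post is itself
-- filtered by post's policies, so the rules of both tables compose.
create policy "comments follow post visibility" on comment
  for select using (exists (select 1 from post where post.id = comment.post_id));

-- INSERT has no existing row to filter, so it takes WITH CHECK: the new row
-- must carry the caller's own id, which blocks commenting as someone else.
create policy "signed-in users comment as themselves" on comment
  for insert to authenticated
  with check (auth.uid() = user_id);

-- DELETE filters existing rows with USING: only the user who created the
-- post a comment belongs to may remove that comment.
create policy "post owner deletes comments" on comment
  for delete to authenticated
  using (exists (
    select 1 from post
    where post.id = comment.post_id and post.user_id = auth.uid()
  ));
```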

Comments • 117

  • @Supabase

    Learn more:

  • @Troy-ol5fk 2 years ago +7

    what is the difference between 'USING expression' and 'WITH CHECK expression' ?

  • @jjrise 1 year ago +33

    Jon is an excellent teacher. He's entertaining to watch, but also does a great job of providing meaningful examples. Thanks!

  • @YannickPian

    Maybe I'm missing something, but it's not at all clear to me how the db gets the user's id, for instance. Is this placed in the request? My understanding is that the db receives the request from the app, but is not aware of any app-side data.

  • @ygx8305

    This is going to be a nightmare to manage and test. This is ok for small and hobby projects, but beyond that......

  • @maikechi1345

    Where's the source code for this?

  • @IanMathaiya 1 year ago

    Is this codebase open-sourced?

  • @timothydeitz1934 1 year ago +3

    Is it possible to see the github repo for this example? :)

  • @SuperMaDBrothers 1 year ago

    What if we want to server-side render everything? Then all of this is totally irrelevant right?

  • @sayyidj6406

    What is 'WITH CHECK' for? I don't understand why it's necessary.

  • @MorganHvidt 2 years ago +16

    Awesome video! Much needed for understanding RLS!

  • @__joellee__ 2 years ago +31

    Rough outline

  • @Erandros 1 year ago +1

    I think Jon's convention to make table names singular is interesting and feels more natural when doing queries

  • @ThomasWapps 1 year ago

    Thanks! The note "we see it from the point of view of how the user gets the data" or something like that saved me.

  • @sajan__jacob 2 years ago +2

    Thank you Jon for explaining RLS with supabase!

  • @_xrxietx_8749 1 year ago

    Ohhh, this video is fantastic, I have been fighting with these issues for 2 days. Thank you.👍

  • @adrianogiannacco8566 1 year ago +6

    That was super clear and incredibly useful!

  • @slammerton

    That was a fun video to watch, thanks Jon!

  • @HaaniJaber 2 years ago +11

    This was a really helpful video. Thanks for going through so many examples in detail.

  • @fadhilinjagi1090

    RLS has been a concept that has constantly eluded my mind. At least until now