[BUG]: RLS Policies not applied with `push` but applied with `migrate`
Problem
Report hasn't been filed before. - [x] I have verified that the bug I'm about to report hasn't been filed before. What version of `drizzle-orm` are you using? 0.36.0 What version of `drizzle-kit` are you using? 0.27.2 Other packages _No response_ What is the undesired behavior? Using `drizzle-kit push` does not apply the RLS policy SQL statements correctly. However, using `drizzle-kit generate` and `drizzle-kit migrate` does apply these policies as expected. | Command | Supabase Evidence | |--------|--------| | After running `drizzle-kit push` | | | After running `drizzle-kit generate` and `drizzle-kit migrate` | | What are the steps to reproduce it? - I'm using Supabase with Postgres v15.1.1.47 - I don't think this bug pertains to a driver, see below. - I don't think this bug is related to the runtime, see below. - I'm working on a monorepo, but I isolated this issue in a fresh Supabase project and database, and on a separate repo. Minimal reproducible example package.json [code block] index.ts [code block] drizzle.config.ts [code block] What I've tried to fix it 1. Use the `link` API. index.ts [code block] 2. Use different runtimes: - Node v23.1.0, npm v10.9.0 - Deno v2.0.5 - Bun v1.1.34 - pnpm v9.12.3 3. Use a different driver: package.json [code block] 4. Remove the `entities` property in drizzle.config.ts: drizzle.config.ts [code block] 5. Upgrade Postgres version: - Postgres v15.6.1.135 What is the desired result? I expected `drizzle-kit p
Unverified for your environment
Select your OS to check compatibility.
1 Fix
[FIX]: Ensure RLS Policies are Applied with `drizzle-kit push`
The issue arises because the `drizzle-kit push` command does not correctly handle the execution of RLS policy SQL statements, which are necessary for applying Row-Level Security (RLS) in PostgreSQL. This inconsistency may be due to differences in how `push` and `migrate` handle schema changes and SQL execution order.
Awaiting Verification
Be the first to verify this fix
- 1
Update Drizzle ORM and Kit
Ensure that you are using the latest versions of `drizzle-orm` and `drizzle-kit`, as updates may contain bug fixes related to RLS policy application.
bashnpm install drizzle-orm@latest drizzle-kit@latest - 2
Modify RLS Policy Application
Explicitly define the RLS policies in your migration files instead of relying on `push`. This ensures that the policies are applied in the correct order during migrations.
sqlCREATE POLICY your_policy_name ON your_table_name FOR SELECT USING (your_condition); - 3
Use `drizzle-kit migrate` as a workaround
As a temporary workaround, continue using `drizzle-kit generate` followed by `drizzle-kit migrate` to ensure that RLS policies are applied correctly until the issue with `push` is resolved.
bashdrizzle-kit generate && drizzle-kit migrate - 4
File a Bug Report
If the issue persists after updating and modifying the policy application, file a detailed bug report with the maintainers of `drizzle-kit` to address the inconsistency with the `push` command.
textInclude steps to reproduce and any relevant logs.
Validation
To confirm the fix, run `drizzle-kit push` and verify that the RLS policies are correctly applied by checking the database schema and testing access controls. If the policies are present and functioning as expected, the issue is resolved.
Sign in to verify this fix
Environment
Submitted by
Alex Chen
2450 rep