FG
๐Ÿ’ป Software๐Ÿ—„๏ธ Databases

Permissions denied for table using API but works with SupabaseClient

Fresh3 days ago
Mar 14, 20260 views
Confidence Score59%
59%

Problem

Bug report Describe the bug When trying to access data from some API endpoints, like this: /rest/v1/leads?select=* I get this error: [code block] when doing the same using JS client like this: [code block] I successfully get the data. Although enabling or disabling RLS has no impact. I'm using the same anon API key in both situations. To Reproduce I am creating these tables using the following function: [code block] I tried to enable and disable RLS from UI and from SQL editor but didn't change anything. I also tried to use the service role KEY when using API, but the same error above showed. When creating the tables from the UI, everything seems to work as intended. Expected behavior I was expecting to be able to create tables programmatically from the client-side so I'm trying to do it using functions. I'm using the function like this: [code block] Am I missing something?

Error Output

error } = await supabase

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
Unverified Fix
New Fix โ€“ Awaiting Verification

Fix API Permissions for Programmatically Created Tables

Medium Risk

The issue arises from the fact that Row Level Security (RLS) policies are not automatically applied to tables created via functions. When tables are created through the Supabase client, default permissions and policies are set correctly, but when created programmatically, these settings may not be applied, leading to permission errors when accessing data via the API.

Awaiting Verification

Be the first to verify this fix

  1. 1

    Verify RLS Policies

    Check if the RLS policies are correctly set for the tables created programmatically. If they are not, define appropriate policies to allow access for the anon role.

    sql
    CREATE POLICY "Allow read access for anon" ON leads FOR SELECT USING (true);
  2. 2

    Add Default Permissions

    Ensure that default permissions are set for the anon role on the newly created tables. This can be done by executing the following SQL commands after table creation.

    sql
    GRANT SELECT ON leads TO anon;
  3. 3

    Test API Access

    After applying the above changes, test the API endpoint again to confirm that the permissions are correctly set and that data can be accessed without errors.

    javascript
    const { data, error } = await supabase.from('leads').select('*');
  4. 4

    Review Table Creation Function

    Review the function used to create tables to ensure that it includes the necessary SQL commands to set RLS policies and permissions immediately after table creation.

    javascript
    async function createLeadsTable() { await supabase.rpc('create_leads_table'); await supabase.rpc('set_leads_permissions'); }

Validation

Confirm that the API endpoint /rest/v1/leads?select=* returns the expected data without permission errors. Additionally, verify that the RLS policies and permissions are correctly configured in the Supabase dashboard.

Sign in to verify this fix

Environment

Submitted by

AC

Alex Chen

2450 rep

Tags

supabasepostgresqlbackendbugp3