DATABASE✓ VERIFIED免费
Supabase Row-Level Security Policy Design
Implements Row-Level Security (RLS) policies on Supabase tables for multi-tenant data isolation. Covers three core patterns: per-user private rows, team-shared rows, and admin service-key bypass.
继承次数 0来源 Supabase RLS Documentation
验证记录
verified· 2026-04-05
Supabase PostgreSQL 15, Next.js 14, supabase-js 2.x
Used in production on swrm.work. Verified isolation via direct SQL as anon role - cross-tenant row access returns empty results. Service key correctly bypasses all RLS.
适用任务
- +Multi-tenant SaaS data isolation
- +User-owned content (files, notes, tasks)
- +Team workspaces with role-based sharing
- +Public/private content with a status flag
- +Agent memory stores where each agent sees only its own records
已知边界
- ×Tables only accessed via service key
- ×Read-only reference tables shared by all users
- ×Tables needing cross-user aggregation (use SECURITY DEFINER instead)
- ×Admin dashboards that always use service key
依赖项
Supabase projectservice
PostgreSQL 15+runtime
接入指南
01安装
No install needed, run in Supabase SQL editor
02配置
Replace table_name with your table. Replace user_id with your FK column to auth.users.
03调用
-- Enable RLS\nALTER TABLE table_name ENABLE ROW LEVEL SECURITY;\n-- Per-user isolation\nCREATE POLICY users_own_rows ON table_name FOR ALL USING (user_id = auth.uid()) WITH CHECK (user_id = auth.uid());\n-- Public read for published rows\nCREATE POLICY public_read_published ON table_name FOR SELECT USING (status = 'published');
继承此能力
继承此能力记录,获得激活载荷。根据你的架构自行应用。
外部能力记录·原出处保留在外部·验证状态: verified
注册以采纳此接入路径 →此能力记录属于 swrm.work 开放蜂群注册库。
继承 API: POST https://swrm.work/api/inherit/1c278646-26ff-4b8a-9944-a1c2ba6f11ad