add SQL migration to enable Row Level Security on modules table
This commit is contained in:
24
supabase/migrations/20260311_enable_rls_modules.sql
Normal file
24
supabase/migrations/20260311_enable_rls_modules.sql
Normal file
@@ -0,0 +1,24 @@
|
||||
-- Enable Row Level Security on the modules table.
|
||||
-- This blocks all direct PostgREST access by default.
|
||||
-- The backend app connects via the service role (DATABASE_URL), which bypasses RLS,
|
||||
-- so existing functionality is unaffected.
|
||||
|
||||
ALTER TABLE public.modules ENABLE ROW LEVEL SECURITY;
|
||||
|
||||
-- Deny all access to anonymous (unauthenticated) PostgREST callers.
|
||||
-- No policy = no access. This is the default when RLS is enabled, but
|
||||
-- the explicit policy below makes the intent clear.
|
||||
CREATE POLICY "deny_anon" ON public.modules
|
||||
AS RESTRICTIVE
|
||||
FOR ALL
|
||||
TO anon
|
||||
USING (false);
|
||||
|
||||
-- Deny all access to authenticated PostgREST callers too.
|
||||
-- The modules table is internal admin-only and should never be
|
||||
-- queried directly via the Supabase REST API.
|
||||
CREATE POLICY "deny_authenticated" ON public.modules
|
||||
AS RESTRICTIVE
|
||||
FOR ALL
|
||||
TO authenticated
|
||||
USING (false);
|
||||
Reference in New Issue
Block a user