add SQL migration to enable Row Level Security on modules table
This commit is contained in:
24
supabase/migrations/20260311_enable_rls_modules.sql
Normal file
24
supabase/migrations/20260311_enable_rls_modules.sql
Normal file
@@ -0,0 +1,24 @@
|
|||||||
|
-- Enable Row Level Security on the modules table.
|
||||||
|
-- This blocks all direct PostgREST access by default.
|
||||||
|
-- The backend app connects via the service role (DATABASE_URL), which bypasses RLS,
|
||||||
|
-- so existing functionality is unaffected.
|
||||||
|
|
||||||
|
ALTER TABLE public.modules ENABLE ROW LEVEL SECURITY;
|
||||||
|
|
||||||
|
-- Deny all access to anonymous (unauthenticated) PostgREST callers.
|
||||||
|
-- No policy = no access. This is the default when RLS is enabled, but
|
||||||
|
-- the explicit policy below makes the intent clear.
|
||||||
|
CREATE POLICY "deny_anon" ON public.modules
|
||||||
|
AS RESTRICTIVE
|
||||||
|
FOR ALL
|
||||||
|
TO anon
|
||||||
|
USING (false);
|
||||||
|
|
||||||
|
-- Deny all access to authenticated PostgREST callers too.
|
||||||
|
-- The modules table is internal admin-only and should never be
|
||||||
|
-- queried directly via the Supabase REST API.
|
||||||
|
CREATE POLICY "deny_authenticated" ON public.modules
|
||||||
|
AS RESTRICTIVE
|
||||||
|
FOR ALL
|
||||||
|
TO authenticated
|
||||||
|
USING (false);
|
||||||
Reference in New Issue
Block a user