-- Turn on Row Level Security for public.modules.
-- With RLS enabled and no permissive policy, roles that are subject to RLS
-- get no rows, so direct PostgREST access is denied by default.
-- The backend app connects via the service role (DATABASE_URL), which bypasses
-- RLS, so existing functionality is unaffected.
-- NOTE(review): this is ENABLE, not FORCE, so the table owner and any role
-- with BYPASSRLS skip the policies. Confirm that the role behind DATABASE_URL
-- is one of those; otherwise the backend is denied as well.
ALTER TABLE public.modules
    ENABLE ROW LEVEL SECURITY;
-- Deny every operation to anonymous (unauthenticated) PostgREST callers.
-- With RLS enabled, having no policy already means no access; this explicit
-- policy states the intent in the schema.
-- RESTRICTIVE policies are ANDed with permissive ones and never grant access,
-- so USING (false) keeps anon locked out even if a permissive policy is added
-- to this table later.
-- For a FOR ALL policy with no WITH CHECK clause, PostgreSQL applies the USING
-- expression to new rows too, so INSERT and UPDATE are rejected as well.
-- NOTE(review): this policy does not change table GRANTs for anon; check them
-- separately if privilege-level denial is also wanted.
CREATE POLICY "deny_anon"
    ON public.modules
    AS RESTRICTIVE
    FOR ALL
    TO anon
    USING (false);
-- Deny every operation to authenticated PostgREST callers as well.
-- public.modules is internal, admin-only data and should never be queried
-- directly through the Supabase REST API.
-- RESTRICTIVE + USING (false) is ANDed with any permissive policy, so a
-- logged-in end user stays blocked even if a permissive policy is added later.
-- For a FOR ALL policy with no WITH CHECK clause, PostgreSQL applies the USING
-- expression to new rows too, so writes are rejected along with reads.
-- NOTE(review): this policy does not change table GRANTs for authenticated;
-- check them separately if privilege-level denial is also wanted.
CREATE POLICY "deny_authenticated"
    ON public.modules
    AS RESTRICTIVE
    FOR ALL
    TO authenticated
    USING (false);