Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Can't create INSERT policy

See original GitHub issue

Bug report

Describe the bug

I am unable to create new INSERT policies. It complains of a missing definition even though it’s set.

To Reproduce

Create a new insert policy
Enter a definition
Click save

Expected behavior

Policy should be created, instead we get an error asking for a definition or a check.

Screenshots

System information

Firefox 89 Windows 10

Additional context

Without going to “Advanced” for INSERT, you can’t actually set a definition (“with check” is the only thing that shows). Related?

Issue Analytics

State:
Created 2 years ago
Comments:7 (2 by maintainers)

Top GitHub Comments

14reactions

easy-streetcommented, Jun 3, 2021

I also wasn’t able to do an INSERT despite the policy:

await supabase.from("mailing_list").insert({
  email: email.trim(),
})

Getting back

{"hint":null,"details":null,"code":"42501","message":"new row violates row-level security policy for table \"mailing_list\""}

@alexturpin there is a note in the insert docs that describes this issue:

By default, every time you run insert(), the client library will make a select to return the full record. This is convenient, but it can also cause problems if your Policies are not configured to allow the select operation. If you are using Row Level Security and you are encountering problems, try setting the returning param to minimal.

So, two options:

add a policy allowing SELECT
set the returning param to minimal:

await supabase.from("mailing_list").insert(
  {
    email: email.trim(),
  },
  { returning: "minimal" }
)

3reactions

jstansbecommented, Jul 4, 2021

I also glossed over this and wasted a bunch of time spinning my wheels… thank goodness I found this issue. I hope more attention can be brought to this “gotcha” detail so others don’t go down the same path. Maybe add a warning on the policies section (auth/policies page) that a table only has an insert setup and could cause insert op to fail (code 42501) until select access is setup.

Top Results From Across the Web

Documentation: 15: CREATE POLICY - PostgreSQL

An INSERT policy cannot have a USING expression, as it only applies in cases where records are being added to the relation. Note...

PostgreSQL Row Security Policies is not working for CREATE ...

Your policy makes the table appear empty for the rls_user , because it has no USING clause. Therefore, the UPDATE will never modify...

Create and apply information management policies

On the Information Management Policy Settings page, select Define a policy, and then click OK.

Adding store policies - Shopify Help Center

You can add or generate the following policies for your Shopify store: Refund policy; Privacy policy; Terms of service; Shipping policy; Legal notice ......

PostgreSQL Row Level Security (RLS): Basics and Examples

You can create row level security policies for specific commands like SELECT, ... and cannot INSERT new rows belonging to another manager.