Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Permissions denied for table using API but works with SupabaseClient

See original GitHub issue

Bug report

Describe the bug

When trying to access data from some API endpoints, like this: /rest/v1/leads?select=* I get this error:

{
    "message": "permission denied for table leads",
    "code": "42501",
    "hint": null,
    "details": null
}

when doing the same using JS client like this:

const { data, error } = await supabase
            .from('leads')
            .select()

I successfully get the data. Although enabling or disabling RLS has no impact.

I’m using the same anon API key in both situations.

To Reproduce

I am creating these tables using the following function:

BEGIN
EXECUTE format('
      CREATE TABLE IF NOT EXISTS %I (
       id serial PRIMARY KEY,
       created_at date default current_timestamp
      )', my_table);

EXECUTE format('
      ALTER TABLE %I ENABLE ROW LEVEL SECURITY;
', my_table);    

END

I tried to enable and disable RLS from UI and from SQL editor but didn’t change anything. I also tried to use the service role KEY when using API, but the same error above showed.

When creating the tables from the UI, everything seems to work as intended.

Expected behavior

I was expecting to be able to create tables programmatically from the client-side so I’m trying to do it using functions. I’m using the function like this:

 const { data, error } = await supabase
            .rpc('create_table', { my_table: table_name })

Am I missing something?

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:19 (12 by maintainers)

github_iconTop GitHub Comments

3reactions
w3b6x9commented, Jan 20, 2022

hello everyone!

posting a retroactive fix that you will be able to apply to your projects

if you’re currently blocked please run the following in your Supabase SQL editor:

GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role, dashboard_user;

ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
ALTER function net.http_collect_response(request_id bigint, async boolean) SECURITY DEFINER;

REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
REVOKE ALL ON FUNCTION net.http_collect_response(request_id bigint, async boolean) FROM PUBLIC;

GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role, dashboard_user;
GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role, dashboard_user;
GRANT EXECUTE ON FUNCTION net.http_collect_response(request_id bigint, async boolean) TO supabase_functions_admin, postgres, anon, authenticated, service_role, dashboard_user;
2reactions
dstrootcommented, Apr 15, 2022
  1. @w3b6x9 your fix works! Kudos.
  2. This definitely happens after your project is paused (and you have hooks in place I think)
Read more comments on GitHub >

github_iconTop Results From Across the Web

Supabase client permission denied for schema public
The client worked fine when I was just clicking around with a prototype, but after setting up Prisma, it doesn't work anymore. Any...
Read more >
Permissions issue using Supabase client - Reddit
I am trying to query the database using the supabase-js client. When I tested initially, it was working fine. But then I set...
Read more >
postgresql - Permission denied for relation <table>
I tried running: ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO bspu;. But it doesn ...
Read more >
Using Nuxt and Supabase for a Multi-User Blogging App
This is the API we use to interact with the Supabase back-end for authentication and data access. First, install the Supabase JavaScript library ......
Read more >
Part Two: Row Level Security | Supabase
Learn how to restrict access to your database tables by enabling Row Level ... be able to read from a particular table, but...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Realtime DELETE updates not being fired

Next page

How do I handle Vercel preview and Supabase auth?