Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Tables created via UI are not granted any access privileges

See original GitHub issue

Bug report

Describe the bug

Tables created via the Supabase UI do not have any access privileges granted and cannot be accessed using either client or service credentials.

To Reproduce

Create a new table via the supabase UI with default settings (autogen ID and created_at columns). Leave the RLS option deselected.

Attempt to query the table via a. supabase-js client with client keys b. supabase-js client with service keys c. psql in all cases you will get a permission denied error.

{
  hint: null,
  message: 'permission denied for table test_table',
  code: '42501',
  details: null
}

Expected behavior

I should be able to select from a table which has no RLS using both client and service keys.

System information

Version of supabase-js: 1.20.0

Additional context

psql output below shows that the newly created test_table has no access privileges, but a table created via the UI in the past does have access privileges.

postgres=> \z test_table
                                           Access privileges
 Schema |    Name    | Type  | Access privileges | Column privileges |            Policies             
--------+------------+-------+-------------------+-------------------+---------------------------------
 public | test_table | table |                   |                   | Enable access to all users (r):+
        |            |       |                   |                   |   (u): true
(1 row)

postgres=> \z profile
                                                           Access privileges
 Schema |  Name   | Type  |       Access privileges        | Column privileges |                       Policies                        
--------+---------+-------+--------------------------------+-------------------+-------------------------------------------------------
 public | profile | table | postgres=arwdDxt/postgres     +|                   | Profiles are viewable by users who created them. (r):+
        |         |       | anon=arwdDxt/postgres         +|                   |   (u): (auth.uid() = uid)
        |         |       | authenticated=arwdDxt/postgres+|                   | 
        |         |       | service_role=arwdDxt/postgres  |                   |

Issue Analytics

State:
Created 2 years ago
Comments:6 (3 by maintainers)

Top GitHub Comments

2reactions

zacataccommented, Oct 15, 2021

My workaround for this issue was to grant privileges for this new table manually:

GRANT ALL ON TABLE public.test_table TO postgres;
GRANT ALL ON TABLE public.test_table TO anon;
GRANT ALL ON TABLE public.test_table TO authenticated;
GRANT ALL ON TABLE public.test_table TO service_role;

1reaction

soedirgocommented, Oct 16, 2021

Thanks, can you file a support request at https://app.supabase.io/support/new?