[{"data":1,"prerenderedAt":321},["ShallowReactive",2],{"blog-prompts/write-rls-policies":3},{"id":4,"title":5,"body":6,"category":300,"date":301,"dateModified":302,"description":303,"draft":304,"extension":305,"faq":306,"featured":304,"headerVariant":307,"image":306,"keywords":306,"meta":308,"navigation":309,"ogDescription":310,"ogTitle":306,"path":311,"readTime":306,"schemaOrg":312,"schemaType":313,"seo":314,"sitemap":315,"stem":316,"tags":317,"twitterCard":319,"__hash__":320},"blog/blog/prompts/write-rls-policies.md","Write RLS Policies with AI Prompts",{"type":7,"value":8,"toc":290},"minimark",[9,16,21,24,68,72,75,112,116,119,154,164,168,171,211,220,236,240,243,264,278],[10,11,12],"tldr",{},[13,14,15],"p",{},"These prompts help you write advanced RLS policies for complex authorization scenarios. They cover role-based access, hierarchical permissions, shared resources, and performance-optimized policies.",[17,18,20],"h2",{"id":19},"role-based-access-control","Role-Based Access Control",[13,22,23],{},"Use this prompt to generate Supabase RLS policies for role-based access control. 
Your AI will create policies for admin, editor, and viewer roles across your tables, with both profiles-table and JWT-claims approaches.",[25,26,28,31,34,47,50,53,65],"prompt-box",{"title":27},"RBAC Policies",[13,29,30],{},"Create RLS policies with role-based access control.",[13,32,33],{},"Roles in my system:",[35,36,37,41,44],"ul",{},[38,39,40],"li",{},"admin: full access to everything",[38,42,43],{},"editor: can read and write content",[38,45,46],{},"viewer: read-only access",[13,48,49],{},"Tables: posts, comments, settings",[13,51,52],{},"Create policies where:",[54,55,56,59,62],"ol",{},[38,57,58],{},"Admins can do anything",[38,60,61],{},"Editors can CRUD posts and comments they create",[38,63,64],{},"Viewers can only SELECT",[13,66,67],{},"Store user roles in a profiles table or JWT claims.\nShow both approaches and explain trade-offs.",[17,69,71],{"id":70},"hierarchical-access","Hierarchical Access",[13,73,74],{},"Copy this prompt to create RLS policies for hierarchical data (organizations, teams, projects, tasks). 
Your AI will generate efficient policies with helper functions for membership checks that avoid expensive nested subqueries.",[25,76,78,81,84,95,98,109],{"title":77},"Hierarchical Policies",[13,79,80],{},"Create RLS for hierarchical data access.",[13,82,83],{},"Structure:",[35,85,86,89,92],{},[38,87,88],{},"Organizations have multiple teams",[38,90,91],{},"Teams have multiple projects",[38,93,94],{},"Projects have multiple tasks",[13,96,97],{},"A user should access:",[35,99,100,103,106],{},[38,101,102],{},"Tasks in projects they belong to",[38,104,105],{},"Projects in teams they belong to",[38,107,108],{},"Teams in organizations they belong to",[13,110,111],{},"Create efficient policies that don't require multiple subqueries.\nConsider using helper functions for membership checks.",[17,113,115],{"id":114},"shared-resources","Shared Resources",[13,117,118],{},"This prompt asks your AI to create RLS policies for shareable resources with granular permissions. You'll get owner-only, view-shared, and edit-shared policies for a documents table with a shares table, plus the necessary indexes.",[25,120,122,125,128,131,134,151],{"title":121},"Shared Resource Policies",[13,123,124],{},"Create RLS for resources that can be shared with other users.",[13,126,127],{},"Table: documents\nColumns: id, owner_id, content",[13,129,130],{},"Table: document_shares\nColumns: document_id, shared_with_user_id, permission (view/edit)",[13,132,133],{},"Policies needed:",[54,135,136,139,142,145,148],{},[38,137,138],{},"Owner has full access",[38,140,141],{},"Users with 'view' share can SELECT",[38,143,144],{},"Users with 'edit' share can SELECT and UPDATE",[38,146,147],{},"Only owner can DELETE",[38,149,150],{},"Only owner can manage shares",[13,152,153],{},"Make sure performance is good with proper indexes.",[155,156,157],"warning-box",{},[13,158,159,163],{},[160,161,162],"strong",{},"Watch out for recursive policies:"," If Policy A references Table B, and Table B has a policy referencing 
Table A, you can create infinite loops. Use security definer functions to break these cycles. Keep those functions minimal and pin their search_path, since they run with the function owner's privileges and bypass RLS.",[17,165,167],{"id":166},"performance-optimization","Performance Optimization",[13,169,170],{},"Use this prompt to optimize slow RLS policies on large tables. Your AI will refactor your policies using security definer functions, materialized views for role lookups, proper indexes, and EXPLAIN ANALYZE verification.",[25,172,174,177,180,191,194,208],{"title":173},"Optimized Policies",[13,175,176],{},"Optimize my RLS policies for better performance.",[13,178,179],{},"Current issues:",[35,181,182,185,188],{},[38,183,184],{},"Policies are slow with large tables",[38,186,187],{},"Multiple subqueries in each policy",[38,189,190],{},"Checking membership in several tables",[13,192,193],{},"Help me:",[54,195,196,199,202,205],{},[38,197,198],{},"Create a security definer function for membership checks",[38,200,201],{},"Use materialized views or caching for role lookups",[38,203,204],{},"Add proper indexes for policy conditions",[38,206,207],{},"Simplify complex policy logic",[13,209,210],{},"Show before/after with EXPLAIN ANALYZE to verify improvement.",[212,213,214],"tip-box",{},[13,215,216,219],{},[160,217,218],{},"Pro tip:"," Store commonly checked permissions in the user's JWT claims using Supabase custom claims. This avoids database lookups for every policy check. Set those claims server-side (for example via app_metadata or an access token hook), never from user-editable metadata, and remember a claim only changes when the token is reissued, so a revoked permission lingers until the token expires.",[221,222,223,230],"faq-section",{},[224,225,227],"faq-item",{"question":226},"Should I use one policy per operation or combine them?",[13,228,229],{},"Separate policies are clearer and easier to maintain. PostgreSQL combines permissive policies for the same operation with OR logic (restrictive policies are ANDed), so having multiple policies doesn't hurt performance.",[224,231,233],{"question":232},"How do I test RLS policies?",[13,234,235],{},"Use Supabase's SQL editor with SET ROLE to test as different users. 
You can also write automated tests that create test users and verify access.",[17,237,239],{"id":238},"further-reading","Further Reading",[13,241,242],{},"Want to understand the vulnerability before fixing it? These guides explain what's happening and why.",[35,244,245,252,258],{},[38,246,247],{},[248,249,251],"a",{"href":250},"/blog/vulnerabilities/exposed-api-keys","Understanding exposed API keys",[38,253,254],{},[248,255,257],{"href":256},"/blog/how-to/hide-api-keys","How to hide API keys step-by-step",[38,259,260],{},[248,261,263],{"href":262},"/blog/best-practices/secrets","Secret management best practices",[265,266,267,273],"related-articles",{},[268,269],"related-card",{"description":270,"href":271,"title":272},"Basic RLS setup","/blog/prompts/add-supabase-rls","Add Supabase RLS",[268,274],{"description":275,"href":276,"title":277},"Similar for Firebase","/blog/prompts/firebase-security-rules","Firebase Security Rules",[279,280,283,287],"cta-box",{"href":281,"label":282},"/","Start Free Scan",[17,284,286],{"id":285},"verify-your-rls-policies","Verify Your RLS Policies",[13,288,289],{},"Scan your database to find policy gaps and security issues.",{"title":291,"searchDepth":292,"depth":292,"links":293},"",2,[294,295,296,297,298,299],{"id":19,"depth":292,"text":20},{"id":70,"depth":292,"text":71},{"id":114,"depth":292,"text":115},{"id":166,"depth":292,"text":167},{"id":238,"depth":292,"text":239},{"id":285,"depth":292,"text":286},"prompts","2026-02-27","2026-03-06","AI prompts for writing Supabase RLS policies. Advanced patterns for team access, role-based permissions, and complex authorization logic.",false,"md",null,"cyan",{},true,"AI prompts for writing advanced Supabase RLS policies.","/blog/prompts/write-rls-policies","[object Object]","BlogPosting",{"title":5,"description":303},{"loc":311},"blog/prompts/write-rls-policies",[318],"Supabase","summary_large_image","5CgU7kbnz6KRynOHWlaEvrQsHiAr6dnuSqX5e0HT-CM",1775843938003]