Supabase RLS Policies

[2Senn]

Describe the Bug

Hey guys, absolutely love payloadcms but I have a tiny concern when using supabase with it.
Basically the tables inserted by payload when you seed the project (website template) all do not have RLS policies in supabase. How should I approach adding these policies?

Link to the code that reproduces this issue

/

Reproduction Steps

seed the website template with supabase and check the supabase dashboard

Which area(s) are affected? (Select all that apply)

db-postgres

Environment Info

Binaries:
  Node: 22.14.0
  npm: N/A
  Yarn: N/A
  pnpm: N/A
Relevant Packages:
  payload: 3.29.0
  next: 15.2.3
  @payloadcms/db-postgres: 3.29.0
  @payloadcms/email-nodemailer: 3.29.0
  @payloadcms/email-resend: 3.29.0
  @payloadcms/graphql: 3.29.0
  @payloadcms/live-preview: 3.29.0
  @payloadcms/live-preview-react: 3.29.0
  @payloadcms/next/utilities: 3.29.0
  @payloadcms/payload-cloud: 3.29.0
  @payloadcms/plugin-cloud-storage: 3.29.0
  @payloadcms/plugin-form-builder: 3.29.0
  @payloadcms/plugin-nested-docs: 3.29.0
  @payloadcms/plugin-redirects: 3.29.0
  @payloadcms/plugin-search: 3.29.0
  @payloadcms/plugin-seo: 3.29.0
  @payloadcms/richtext-lexical: 3.29.0
  @payloadcms/storage-s3: 3.29.0
  @payloadcms/translations: 3.29.0
  @payloadcms/ui/shared: 3.29.0
  react: 19.0.0
  react-dom: 19.0.0
Operating System:
  Platform: win32
  Arch: x64
  Version: Windows 11 Home
  Available memory (MB): 16246
  Available CPU cores: 12

[github-actions]

Please add a reproduction in order for us to be able to investigate.

Depending on the quality of reproduction steps, this issue may be closed if no reproduction is provided.

Why was this issue marked with the invalid-reproduction label?

To be able to investigate, we need access to a reproduction to identify what triggered the issue. We prefer a link to a public GitHub repository created with create-payload-app@latest -t blank or a forked/branched version of this repository with tests added (more info in the reproduction-guide).

To make sure the issue is resolved as quickly as possible, please make sure that the reproduction is as minimal as possible. This means that you should remove unnecessary code, files, and dependencies that do not contribute to the issue. Ensure your reproduction does not depend on secrets, 3rd party registries, private dependencies, or any other data that cannot be made public. Avoid a reproduction including a whole monorepo (unless relevant to the issue). The easier it is to reproduce the issue, the quicker we can help.

Please test your reproduction against the latest version of Payload to make sure your issue has not already been fixed.

I added a link, why was it still marked?

Ensure the link is pointing to a codebase that is accessible (e.g. not a private repository). "example.com", "n/a", "will add later", etc. are not acceptable links -- we need to see a public codebase. See the above section for accepted links.

Useful Resources

• Reproduction Guide
• Contributing to Payload

[WatsonWeb]

Bumping this issue.

I would love to see the Postgres Docs page get a section covering proper RLS policies.

[kgrady13]

We are also looking for more guidance around Supabse RLS + Payload

[thekiwi]

I was able to enable RLS on all Payload-managed tables by adding an afterSchemaInit hook in my payload.config.ts like this:

export default buildConfig({
  // ...
  db: postgresAdapter({
    pool: {
      connectionString: '(supabase db uri)',
    },
    afterSchemaInit: [
      ({ schema }) => {
        // Enable RLS for all tables
        Object.values(schema.tables).forEach((table) => table.enableRLS());
        return schema;
      },
    ],
  }),
  // ...
});

I'm not interested in implementing policies at this point so this is sufficient for me, just thought I'd share in case anyone else finds it useful as a starting point for the original issue.