Bolt·FixdatabaseSupabaseintermediate

Bolt Supabase RLS Blocking Inserts

Quick Answer

Supabase Row Level Security is enabled, but the target table has no INSERT policy that matches your current user or request context. Bolt generated the form or action correctly, but the database is rejecting the write. Start with "Check whether RLS is enabled on the target table" before making broader code changes.

You're in the right place if...

!Form submits in Bolt but no row appears in Supabase
!Insert request returns 401, 403, or 42501
!Reads work but new records never save

Why this happens

Fix

Check whether RLS is enabled on the target table

In Supabase, open Table Editor, select the table that should receive the write, and inspect its RLS policies. If RLS is on and there is no matching INSERT policy, every write is blocked.

Add or test an INSERT policy in Supabase

Use SQL Editor to add the missing policy for the exact access pattern your app uses.

-- Example for authenticated inserts
create policy "Allow authenticated inserts"
on public.leads
for insert
to authenticated
with check (auth.uid() is not null);

-- Example for anonymous contact forms
create policy "Allow anon inserts"
on public.leads
for insert
to anon
with check (true);

Update the Bolt code to match the policy

If the policy expects an authenticated user or a specific table shape, make the generated code align with it instead of retrying blind writes.

Copy this prompt

Supabase is blocking inserts because of RLS.
Please inspect the write flow and update the app so it matches the table policy.
If the table is for anonymous form submissions, use the public-safe insert flow.
If the table is user-owned, make sure the current authenticated user is attached correctly.

Prevent this next time

Any time Bolt creates a new Supabase table, define the RLS policy immediately. Never wait until after the UI is already built.