Fix: Supabase Row Level Security Blocking Queries

Quick Answer

In Supabase Dashboard > Authentication > Policies, add a policy for each table. Start with: CREATE POLICY 'allow_all' ON your_table FOR ALL USING (auth.uid() IS NOT NULL);

Symptoms

!Queries return empty results despite data existing
!Error: 'new row violates row-level security policy'
!Insert/update operations silently fail
!App works for admin but not regular users

Step-by-Step Fix

Understand RLS basics

RLS blocks ALL access by default when enabled. You must create policies that explicitly allow operations. No policy = no access.

Check which tables have RLS enabled

Go to Supabase Dashboard > Database > Tables. Tables with a lock icon have RLS enabled. Verify each one has at least one policy.

Create basic read policy

For public data: CREATE POLICY 'public_read' ON table_name FOR SELECT USING (true); For authenticated users only: add USING (auth.uid() IS NOT NULL).

Create write policies

For user-owned data: CREATE POLICY 'owner_write' ON table_name FOR INSERT WITH CHECK (auth.uid() = user_id); Same pattern for UPDATE and DELETE.

Test with the SQL editor

In Supabase SQL Editor, test your policies: SET request.jwt.claim.sub = 'test-user-id'; SELECT * FROM your_table;

Frequently Asked Questions

Never disable RLS in production. It's your primary security layer. Instead, create proper policies for each operation.

For user-owned data: allow authenticated users to CRUD only their own rows (WHERE user_id = auth.uid()). This covers 90% of use cases.

Lovable Review Lovable Alternatives Lovable vs Cursor Lovable vs Bolt Lovable vs Replit Tool Picker Quiz What is Vibe Coding?Prompt Library

Weekly Newsletter

Get next week's fix before you need it.

Join developers getting weekly vibe coding tips, error fixes, and tool updates.

Subscribe on Substack →