Row Level Security (RLS) is one of the best parts of Supabase – but it’s also where many teams get stuck. I regularly see the same handful of issues cause confusing bugs, “missing” data, or unexpected access.

Below are the most common RLS problems I run into, why they happen, and how to fix them.

1. Enabling RLS Without Any Policies

The symptom

• You enable RLS on a table, and suddenly your app stops seeing any rows.
• Inserts fail with “new row violates row-level security policy”.

Why it happens

Once RLS is enabled, Postgres denies all access by default unless a policy allows it. Supabase doesn’t auto-generate policies for you.

How to fix it

1. In the SQL editor, confirm RLS is on:

ALTER TABLE public.my_table ENABLE ROW LEVEL SECURITY;

1. Add at least one policy for each operation you need:

-*- Example: users can see their own rows*

CREATE POLICY "Users can select own rows"

ON public.my_table

FOR SELECT

USING ( auth.uid() = user_id );

*-- Example: users can insert only their own rows*

CREATE POLICY "Users can insert own rows"