Supabase
Public schema vs private schema - Why both? #617
-
|
I'm not familiar with Postgre schemas. Why do you use both a public and a private schema for users? What are the pros/cons?
I don't understand your motivations, despite reading the documentation. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
TL:DR; By default, tables in the If you want to restrict read or write access to tables in the public schema - you need to enable row level security for each table and define policies declaring who is allowed to read or write to that table. Tables in any other schema are not directly accessible via the REST API. If you want non-public data to be accessible - you need to create an access mechanism in the The contents of the Please note: I am not part of the Supabase team - just trying to help. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you, it's much more clearer!
This sentence should be in the documentation 😂 💯 |
Beta Was this translation helpful? Give feedback.
TL:DR;
Data in the
publicschema is "open by default", data in other schemas is "restricted by default".By default, tables in the
publicschema can be read/written by clients via the Supabase REST API. That means anybody can access table data in thepublicschema if they have your API key (usually referenced in the doco as the supabase key). The API key is usually shared via your client application, you must presume everyone in the world knows your API key because there's no practical way to keep it secret.If you want to restrict read or write access to tables in the public schema - you need to enable row level security for each table and define policies declaring who is allowed to rea…