zlacker

[parent] [thread] 1 comments
1. encima+(OP)[view] [source] 2024-03-05 19:09:53
Have you checked out this repo: https://github.com/supabase-community/supabase-custom-claims?

The "raw_app_meta_data" stored for a user is not writeable by the user, so you can store roles and/or privileges in there.

replies(1): >>Sai_+9I
2. Sai_+9I[view] [source] 2024-03-05 23:55:08
>>encima+(OP)
Thanks for sharing. Wasn’t aware of this. Will check it out today.

For now, I figured I’d have an BEFORE UPDATE trigger which compares the md5(NEW.privileges::text) with md5(OLD.privileges::text) and raises an error if they don’t match.

Not sure how to bypass the trigger for service accounts.

[go to top]