Can't insert rows into Supabase profile table even after creating the RLS policy to do so for the sign up feature
Again, I am quite new to Supabase so I apologize in advance if I don't provide clear details in this post or mess up with some terms or something
Basically, I am doing auth using Supabase and have this table called "profiles" with columns:
id - UUID username - text email - text
now when I create a new account using Supabase, it works, the account gets registered and shows up in the auth tab, but the new row doesn't get inserted into profiles?
user = response.user
if user:
resp = supabase.table("profiles").insert({
"id": user.id,
"username": username,
"email": email
}).execute()
print(resp)
request.session["user_id"] = user.id
request.session["username"] = username
return redirect("home")
Now, my RLS for the profiles table is:
- Enable insert for authenticated users only,
- INSERT,
- anon, authenticated
and I am using a service key to create the supabase client.
Even after all that, I keep getting the error -> APIError: {'message': 'new row violates row-level security policy for table "profiles"', 'code': '42501', ...}
PLEASE HELP ME I HAVE NO IDEA HOW TO FIX THIS, I almost let AI take over my code atp but nahh I'm not that desperate 💔
You’re getting that error because RLS runs even for service keys unless you explicitly disable it or write the policy correctly.
Your “authenticated users only” policy is too broad, Supabase needs to know which user is inserting.
Change your policy to something like this:
create policy "insert own profile"
on profiles for insert
to authenticated
with check (auth.uid() = id);
This ensures only the logged-in user can insert their own row.
Also, if you’re using a service key on the client side, don’t, it bypasses normal auth context, so auth.uid() becomes null and the insert fails. Use the anon key for client-side code and let the authenticated session token handle identity.
Once you switch to the anon key and apply the above policy, the insert will work.