Next.js Server Component role base access with Supabase

I think supabase just updated the UI. right now you can do it in the sql editor and create the trigger from there by using this command.


create trigger <trigger_name> after insert on auth.users for each row execute function <function_name>();

DailyWebCoding

There is one security problem with that aproach that you all guys have to be aware of.
If you make a "user" or "profile" table where you store all the user info like, name, avatar, settings, etc and you store the role on that same table you have a security issue there.
Because you will probably make a Row Level Security where you are going to allow users edit their own row in "user" table, therefore the user will have access to change his own role to "admin".
To solve this you have to add the "role" column on a different table and that table should have a Row Level Security that only allows to read and not to write/update.

FalconMasters

Perfect tutorial, I was confused with managing the user accesses, this one cleared all the doubts, thanks ❤

kryptons-galaxy

Thank you, this was actually all I was looking for, perfect tutorial, thank you so much!!

dimitarius

Your video saved me. thank you very much.

Aziz-kwct

Hello, great tutorial 👍 !

Everything was going fine until when I needed to select the auth table (timestamp 06:23) in the trigger ui. Only my public tables were available and not anything else! Is there a reason why I can't make triggers from any of the locked shemas?

Can you help. Thanks, Mark

markbroomfield

What font and vs code settings you have it looks super clean is there a link to your settings 😅

codingcode

we want more... ❤ could you do supabase and stripe?

streamocu

nice video, i have a qustion, how can i change the role using params? i need create multiples roles

angelluis

hi a beginner here, why i cant choose the users from the trigger option right now ?

raynosebastian

Great videos, thanks! Could you do one where anyone visiting the site can view the all the posts, but only an admin can update the posts that belong to them?

brianwalsh

Are there any security flaws using this method?

DeejayAlid

Supabase has a roles column in auth.users I tried to use that but maybe that is not how it is supposed to be used maybe that's only there to be managed for supabase? I created a custom role give it to a user but then when I made the rule it was simply not working, of course I gave the user in auth.users that custom role but then I had to change it back to authenticated then update the rule and it worked normally.

dmqinbl

But how to set role while we signup not with supabase?

utomoyogafirmansyah

i am getting this error while sign up AuthApiError: duplicate key value violates unique constraint "user_pkey" as i am created trigger from sql editor

ambicasupraja

I think a regional manager with several managers with several teams. Managers should only see their teams… etc. I’ve been thinking about how to make this works for several years now as I have learned to code.

Michael-Martell

sir can you create a react version of this please I dont understang nextJS

loribryant

hey bro can you updated this please I need this and the role please dont just put the role in it manuall make it dynamic, also please take it slow man you kind super fast

loribryant

Your head is covering code ... we really didn't need to see your face ... we just needed to see code which we couldn't for your head which makes this video useless ...

ahmedmusawir