-
-
Notifications
You must be signed in to change notification settings - Fork 178
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrations do not allow adding storage policies #96
Comments
The CLI doesn't manage schemas like In general, we don't give full access to schemas like |
I'd think that this severe limits the potential of using the Supabase CLI for handling migrations and syncing them across local development environments and production deploys on the Supabase platform. Although access to the Supabase-managed schemas is discouraged, there are some things that can only be done with access to the schemas: eg. creating triggers on It'd be great if the CLI actually ran everything with the same kind of permissions locally and on the remote, as this is otherwise a major blocker against adoption of the CLI.
I think we could probably use this issue to discuss, but I can also open a discussion there if preferred. |
I agree - the CLI use case is sort of an afterthought, so the permissions model used for Supabase-managed stuff has unintended implications that is only now discovered. In general I think whatever users can do on the dashboard they should be able to do programmatically (either with the We're prioritizing rethinking the permissions next year, but unfortunately it's difficult to get this right without breaking current projects, so this will take a while. |
Agreed that the CLI should also be able to handle these cases, or is there another way to automate/migrate these changes I'm not aware of? Currently, it's not possible to do CI/CD with Supabase as there's no option to do something related to authorization (tables) / storage within a deployment pipeline. Probably the only thing (at the moment) holding me back to use Supabase in my project, as the rest of the Supbase looks awesome and exactly what I need! |
Was about to create a separate issue but figure it's close enough to this one. Been playing around with the CLI for a few days and came across the Running this in Supabase UI worked as mentioned above.
But I'm not really sure what the consequences of doing that are. Just wanted to pipe my two cents in that I agree with this.
Seems to make sense to me that my whole development workflow should be able to start from local and then pushed up. |
We will be taking out superuser role access in the future, so it's better not to lean on it. Your case seems to be similar to #128, in which case changing the owner to |
Just wanted to echo that this seems like a huge oversight. It makes managing migrations properly with the cli very limited, since there's no longer a single source of truth for the whole project. Your table migrations are tracked, but anything to do with any other schema have to be kept in the supabase UI which feels very fragile, especially for things like triggers and RLS policies. |
Was able to work around this issue via
Hopefully that helps, but still acts as a workaround and not expected functionality. Good luck 👍 |
Related to #287 |
This is now supported. |
Bug report
Describe the bug
One of the biggest benefits I see in Suapabase is its ability to be nearly 100% controlled via SQL.
This to me means that I should be able to describe most of my database, storage and authentication requirements through migrations.
Currently, if migration includes a change of a policy on
sotrage.objects
- it fails withERROR: must be owner of ...
(e.g.:ERROR: must be owner of table objects
).Short term fix for me was to make
postgres
user a superuser with (via Supabase UI):But that feels less than ideal for a variety of reasons.
To Reproduce
Create a migration that includes addition of RLS policy onto a
sotrage.objects
table:Expected behavior
Migrations should just be applied without an error with
supabase db push
.Instead, they only execute (without an error) against the local version.
The text was updated successfully, but these errors were encountered: