feat(dashboard): Add column-level privileges management #13745
Conversation
|
@HTMHell is attempting to deploy a commit to the Supabase Team on Vercel. A member of the Team first needs to authorize it. |
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
6 Ignored Deployments
|
|
Hey @HTMHell, First off, what an awesome PR! Thanks for the hard work here 💪🏻 We've been planning this feature for a while now, along with refactoring our RLS interface (possibly consolidating the two). The frontend team will need to discuss how to best get your changes in, as they'll be a fair amount of overlap. We'll keep you updated, and thanks again! 🙌🏻 |
cool, thank you! |
|
This functionality could be really useful. Hope that Supa ase team will merge this pull request. |
|
This is awesome! Highly appreciate it @HTMHell |
|
Hey @HTMHell !
While we continue to debate the UI for this, wondering if you could have a peek at the data handling. It looks like you're loading it’s currently loading all the permissions for all tables on load. Could you limit that to just the table in the current view. Some of these tables could be loading MBs of data. with thanks! |
|
Thank you! I will probably have time for this in a few days. |
|
@saltcod I've made the changes, it will load the data for the selected table only |
|
Hey @HTMHell let's try and get this in this week! Just had a look and things are looking great. Noticed this in light mode: Wondering if we also need any kind of docs for this? |
|
@saltcod Good call, I've never noticed there is a light theme! Can you elaborate on the docs, what were you thinking about? |
|
Looks like you guys are ready to merge this branch soon. Any updates on it? |
… if feature preview is not enabled
|
Thanks! This looks really cool! |
|
Hey everyone, We've released this as a feature preview. You can toggle it on for your projects here: 
Please send us any feedback on this discussion: https://github.com/orgs/supabase/discussions/20295 |
|
Hey @alaister, Thanks for the feature! I have a few questions regarding this:
Thanks! |
|
Hi @akarshghale,
Hope this helps! |
|
This has made my life |
|
is there any way to |
|
other roles or custom roles are not being shown in the select option |
|
The link at the bottom in the preview toggle popup does not go to the right place fwi: It goes here: Instead of here: J |
|
It would be cool if the SELECT(*) automatically returned only the columns for which one has authorization |
|
That would require some sort of dynamic query, I don't think there is such a construct at the SQL level to "auto-hide" columns with no privileges (that I know of). While there's no luck in the DB domain, the JS client could abstract that, but it would need to know the privileges beforehand to construct the dynamic query fields... |
Yes, perhaps a mechanism similar to the one for generating types from the database schema, which is able to understand which columns are visible to a specific role. Definitely needs to be handled at the library level. |
|
This might could be a good postgREST feature request. J |
New Feature: Column-level Privileges Management in Supabase Dashboard
This Pull Request introduces a new feature for managing column-level privileges in the Supabase Dashboard. With this enhancement, users can now seamlessly view and modify table privileges for each role.
Key Benefits
Column-level security comes in handy when you want to grant specific actions to certain roles, but restrict access to specific columns. For instance, this is particularly useful when you allow authenticated users to insert or update records but want to prevent them from modifying the values of certain critical columns (e.g.
created_atorupdated_at).Features include
Here is a quick demo:
Screenshare.-.2023-04-15.2_45_09.PM.mp4