Supabase update endpoint not working with authenticated users

Question

I'm testing the Supabase RLS policies and when I try to update a store with an authenticated user I got a 404 error.

But when I try to use insert it works, but the rule of policies is the same!!

Answer 1

Each policy applies to one of the 4 possible database operations (Select, delete, update, insert) so you'll need to create a new policy for updating the table. Adding this here for my future self.

You can use the built-in roles to allow access for authenticated or anonymous users:

Only Authenticated users

create policy "Public profiles are viewable only by authenticated users"
on profiles for select
to authenticated
using ( true );

Only Anonymous users

create policy "Public profiles are viewable only by authenticated users"
on profiles for select
to anon
using ( true );

Or you can use the built-in auth variable to perform other checks:

Authenticated user can ID match check

alter policy "Users can update their own record"
on "public"."users"
to public
using (
  (auth.uid() = id)
);

Authenticated user ID not null check

alter policy "Users can view data"
on "public"."items"
to public
using (
  (auth.uid() IS NOT NULL)
);

Authenticated user role check

alter policy "Users can view data"
on "public"."items"
to public
using (
  (auth.role() = 'authenticated'::text)
);

Answer 2

Insert policy only works for a new row. You would probably need to create a separate update policy for your table.

This specific discussion might point you to the right direction: https://github.com/supabase/supabase/discussions/3476