Concerns about Plasmic integration and RLS restrictions with Supabase.

Hi all. I’ve read back through most of the messages that I can in here as I wanted to know a little about how Plasmic plays with Supabase.

Am I right in thinking that because of the RLS restrictions you can either use Plasmic with Supabase OR you safely use the Supabase API via client-side software?

As far as I can tell, switching off RLS means there’s no way to protect queries in Supabase and so the only way to use their API would be via a backend.

Is that the correct interpretation of things? And as far as I can tell, there’s no way to get around this by creating a new type of user in Supabase either, is there?

One final question (which I’m embarrassed I don’t actually know the answer to), if I turn off RLS in Supabase am I correct in thinking that the database is still secure? It only becomes insecure if I share the anon key with someone, is that correct?

Thank you

Hi, your points are mostly right. You can either directly use Plasmic with Supabase as the provided integration, or you can manually integrate Supabase through your code components and using RLS. The way to protect your queries while using Plasmic and Supabase with RLS off is to use Plasmic built-in roles and auth system. Even though you didn’t expose your anon key to someone, if you create a data source operation that is unprotected, it could lead to someone that doesn’t have enough permission executing it in your application.
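
For the RLS-off question in this thread, an audit query is a quick way to see what the database itself allows, independent of Plasmic's roles. This is an added example, not code from either poster or from Plasmic or Supabase; it assumes the standard Supabase Postgres roles `anon` and `authenticated` and the `public` schema, and the table `public.todos` with a `user_id` column is hypothetical.

```sql
-- Audit: for every table in the API-exposed schema (assumed: public),
-- report whether RLS is on and what the anon role may do at the table level.
-- A row with rls_enabled = false and any anon_can_* = true is reachable by
-- any client that holds the anon key, with no per-row filtering.
select
  n.nspname                                     as schema_name,
  c.relname                                     as table_name,
  c.relrowsecurity                              as rls_enabled,
  has_table_privilege('anon', c.oid, 'SELECT')  as anon_can_select,
  has_table_privilege('anon', c.oid, 'INSERT')  as anon_can_insert,
  has_table_privilege('anon', c.oid, 'UPDATE')  as anon_can_update,
  has_table_privilege('anon', c.oid, 'DELETE')  as anon_can_delete,
  -- RLS enabled with zero policies denies every row to non-owner roles.
  (select count(*) from pg_policy p
    where p.polrelid = c.oid)                   as policy_count
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind in ('r', 'p')   -- ordinary and partitioned tables
order by c.relrowsecurity, c.relname;

-- Hardened form for one table (hypothetical: public.todos with user_id uuid),
-- for the case where Supabase is called from code components with RLS on.
alter table public.todos enable row level security;

-- Signed-in users may read only their own rows; anon gets no policy,
-- so anon requests return no rows from this table.
create policy "owner can read own rows"
  on public.todos
  for select
  to authenticated
  using ((select auth.uid()) = user_id);
```

Run the first statement in the Supabase SQL editor before and after changing RLS settings to confirm the effect on each table.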