getGeneralPolicyTemplates() — supabase Function Reference
Architecture documentation for the getGeneralPolicyTemplates() function in PolicyEditorModal.constants.ts from the supabase codebase.
Entity Profile
Dependency Diagram
graph TD 84c99679_0e25_0222_f391_4a90bae0289e["getGeneralPolicyTemplates()"] 331765b7_d5b8_b1a0_dc2a_d6b857a68adb["PolicyEditorModal()"] 331765b7_d5b8_b1a0_dc2a_d6b857a68adb -->|calls| 84c99679_0e25_0222_f391_4a90bae0289e 5cae6a1d_d69a_57ce_077f_d3f1a4cc0bff["PolicyTemplates()"] 5cae6a1d_d69a_57ce_077f_d3f1a4cc0bff -->|calls| 84c99679_0e25_0222_f391_4a90bae0289e style 84c99679_0e25_0222_f391_4a90bae0289e fill:#6366f1,stroke:#818cf8,color:#fff
Relationship Graph
Source Code
apps/studio/components/interfaces/Auth/Policies/PolicyEditorModal/PolicyEditorModal.constants.ts lines 17–174
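/**
 * Builds the general row level security (RLS) policy templates for a table.
 *
 * Each template carries display text (`templateName`, `description`), a complete
 * `create policy` statement, and the same policy broken out into `name`,
 * `definition` (the USING expression), `check` (the WITH CHECK expression),
 * `command` and `roles`.
 *
 * `schema` and `table` are embedded in the generated SQL as quoted identifiers.
 * Embedded double quotes are doubled so that a name containing `"` cannot close
 * the identifier early and change the meaning of the statement.
 *
 * @param schema - Schema of the table the policy is written for.
 * @param table - Name of the table the policy is written for.
 * @returns The templates, in display order.
 */
export const getGeneralPolicyTemplates = (schema: string, table: string): PolicyTemplate[] => {
  // Postgres quoted-identifier escaping: a literal " inside "..." is written as "".
  const quoteIdent = (identifier: string): string => `"${identifier.replace(/"/g, '""')}"`
  const target = `${quoteIdent(schema)}.${quoteIdent(table)}`

  return [
    {
      id: 'policy-1',
      preview: false,
      templateName: 'Enable read access to everyone',
      description:
        'This policy gives read access to your table for all users via the SELECT operation.',
      // No `to` clause and `using (true)`: every role that holds SELECT on the table
      // can read every row, whether or not the caller is signed in.
      statement: `
create policy "Enable read access for all users"
on ${target}
for select using (true);`.trim(),
      name: 'Enable read access for all users',
      definition: 'true',
      check: '',
      command: 'SELECT',
      roles: [],
    },
    {
      id: 'policy-2',
      preview: false,
      templateName: 'Enable insert access for authenticated users only',
      description: 'This policy gives insert access to your table for all authenticated users only.',
      // `with check (true)` restricts who may insert, not what is inserted: an
      // authenticated user can write any column values, including an owner column.
      statement: `
create policy "Enable insert for authenticated users only"
on ${target}
for insert to authenticated
with check (true);`.trim(),
      name: 'Enable insert for authenticated users only',
      definition: '',
      check: 'true',
      command: 'INSERT',
      roles: ['authenticated'],
    },
    {
      id: 'policy-3',
      preview: false,
      templateName: 'Enable delete access for users based on their user ID *',
      description:
        'This policy assumes that your table has a column "user_id", and allows users to delete rows which the "user_id" column matches their ID',
      // Only valid when the table has a `user_id` column. auth.uid() is presumably
      // wrapped in a sub-select so it is evaluated once per statement, not per row.
      statement: `
create policy "Enable delete for users based on user_id"
on ${target}
for delete using (
(select auth.uid()) = user_id
);`.trim(),
      name: 'Enable delete for users based on user_id',
      definition: '(select auth.uid()) = user_id',
      check: '',
      command: 'DELETE',
      roles: [],
    },
    {
      id: 'policy-4',
      preview: false,
      templateName: 'Enable insert access for users based on their user ID *',
      description:
        'This policy assumes that your table has a column "user_id", and allows users to insert rows which the "user_id" column matches their ID',
      // The WITH CHECK expression ties the inserted row's `user_id` to the caller,
      // so a user cannot create rows attributed to someone else.
      statement: `
create policy "Enable insert for users based on user_id"
on ${target}
for insert with check (
(select auth.uid()) = user_id
);`.trim(),
      name: 'Enable insert for users based on user_id',
      definition: '',
      check: '(select auth.uid()) = user_id',
      command: 'INSERT',
      roles: [],
    },
    {
      id: 'policy-5',
      preview: true,
      name: 'Policy with table joins',
      templateName: 'Policy with table joins',
      description: `
Query across tables to build more advanced RLS rules
Assuming 2 tables called \`teams\` and \`members\`, you can query both tables in the policy to control access to the members table.`,
      // Illustrative example: the table names are fixed and `schema` / `table` are
      // not used. NOTE(review): the unqualified `id` inside the sub-select resolves
      // to `members.id` if that table has such a column; writing `teams.id` would
      // make the intended correlation explicit.
      statement: `
create policy "Members can update team details if they belong to the team"
on teams for update using (
(select auth.uid()) in (
select user_id from members where team_id = id
)
);
`.trim(),
      definition: `(select auth.uid()) in (select user_id from members where team_id = id)`,
      check: '',
      command: 'UPDATE',
      roles: [],
    },
    {
      id: 'policy-6',
      preview: true,
      templateName: 'Policy with security definer functions',
      description: `
Useful in a many-to-many relationship where you want to restrict access to the linking table.
Assuming 2 tables called \`teams\` and \`members\`, you can use a security definer function in combination with a policy to control access to the members table.`.trim(),
      // Illustrative example with fixed table names; `schema` / `table` are not used.
      // NOTE(review): points a reader adapting this template should confirm:
      //  - a security definer function runs with its owner's privileges, so the
      //    lookup on `members` is not filtered by the caller's own RLS policies;
      //  - the function accepts any `user_id`, so whoever may execute it can list
      //    the team ids of any user, not just their own;
      //  - the function does not pin `search_path` (`set search_path = ''` with
      //    schema-qualified table names is the usual hardening);
      //  - the policy is `for all` although its name only mentions updates.
      statement: `
create or replace function get_teams_for_user(user_id uuid)
returns setof bigint as $$
select team_id from members where user_id = $1
$$ stable language sql security definer;
create policy "Team members can update team members if they belong to the team"
on members
for all using (
team_id in (select get_teams_for_user(auth.uid()))
);
`.trim(),
      name: 'Policy with security definer functions',
      definition: 'team_id in (select get_teams_for_user(auth.uid()))',
      check: '',
      command: 'ALL',
      roles: [],
    },
    {
      id: 'policy-7',
      preview: true,
      name: 'Policy to implement Time To Live (TTL)',
      templateName: 'Policy to implement Time To Live (TTL)',
      description: `
Implement a TTL-like feature that you see in Instagram stories or Snapchat where messages expire after a day.
Rows under the table are available only if they have been created within the last 24 hours.`,
      // SELECT-only filter on `created_at`: older rows stop being returned to
      // callers subject to this policy, but nothing here deletes them.
      statement: `
create policy "Stories are live for a day"
on ${target}
for select using (
created_at > (current_timestamp - interval '1 day')
);
`.trim(),
      definition: `created_at > (current_timestamp - interval '1 day')`,
      check: '',
      command: 'SELECT',
      roles: [],
    },
    {
      id: 'policy-8',
      preview: false,
      templateName: 'Allow users to only view their own data',
      description: 'Restrict users to reading only their own data.',
      // Scoped to the `authenticated` role and to rows whose `user_id` equals the
      // caller's id; requires a `user_id` column on the table.
      statement: `
create policy "Enable users to view their own data only"
on ${target}
for select
to authenticated
using (
(select auth.uid()) = user_id
);`.trim(),
      name: 'Enable users to view their own data only',
      definition: '(select auth.uid()) = user_id',
      check: '',
      command: 'SELECT',
      roles: ['authenticated'],
    },
  ]
}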
Domain
Subdomains
Called By
Source
Frequently Asked Questions
What does getGeneralPolicyTemplates() do?
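getGeneralPolicyTemplates() is a function in the supabase codebase, defined in PolicyEditorModal.constants.ts. Given a schema and a table name, it returns an array of PolicyTemplate objects, each describing a ready-made row level security policy: its create policy statement plus the policy's name, definition, check, command and roles.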
What calls getGeneralPolicyTemplates()?
getGeneralPolicyTemplates() is called by 2 function(s): PolicyEditorModal, PolicyTemplates.