debug-rls

Solid

Use when users report access denied errors, see wrong data, RLS policies are not working, or when troubleshooting Row-Level Security issues in Butterbase

AI & Automation 424 stars 40 forks Updated today MIT

Install

View on GitHub

Quality Score: 88/100

Stars 20%

Recency 20%

100

Frontmatter 20%

Documentation 15%

100

Issue Health 10%

License 10%

100

Description 5%

100

Skill Content

# debug-rls Systematic methodology for debugging Row-Level Security issues in Butterbase. Uses role simulation (`as_role`/`as_user` parameters) to verify policy behavior without needing real user sessions. --- ## 1. Overview Row-Level Security (RLS) in Butterbase controls which rows each database role can see or modify. When RLS is misconfigured, users may see no data, too much data, or get unexpected errors on insert. This skill walks through a repeatable four-step process to identify and fix the root cause. Key principle: **MCP tools default to the service key (`bb_sk_...`), which bypasses all RLS**. Always use `as_role`/`as_user` to simulate the role your frontend actually uses. --- ## 2. Quick Diagnosis Match the symptom your user reports to the most likely cause before diving into the full protocol. | Symptom | Likely cause | |---------|-------------| | User sees no rows | RLS enabled but no policy for `butterbase_user` role | | User sees ALL rows | RLS not enabled on the table, or request uses service key (`bb_sk_`) | | Insert fails with `AUTH_RLS_POLICY_VIOLATION` | No INSERT policy, or `user_column` not auto-populated | | User sees other users' data | Policy USING expression is wrong, or user isolation not set up | | Anonymous user gets 403 | No policy for `butterbase_anon` role | | Works in MCP tools but not from frontend | MCP uses service key (bypasses RLS); frontend uses end-user JWT | --- ## 3. The Three Roles Butterbase automatically assigns a databa...

Details

Author: butterbase-ai
Repository: butterbase-ai/butterbase-skills
Created: 1 months ago
Last Updated: today
Language: N/A
License: MIT

Integrates with

Model Context Protocol · AI

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

journey-rls

Use as the RLS build stage of the Butterbase journey, after journey-schema. Implements the RLS section of 02-plan.md by delegating to debug-rls policy patterns (for proactive creation, not debugging). Calls manage_rls (create_user_isolation, enable, create_policy). Folded into journey-schema when hackathon_mode is true.

424 Updated today

butterbase-ai

AI & Automation Listed

rls-policy-designer

Generate a Supabase Row-Level-Security policy bundle from an access-model description. Outputs SQL + test queries + admin-impersonation patterns.

3 Updated today

anthril

AI & Automation Listed

postgres-rls-pattern

Use when writing or reviewing Postgres queries in a multi-tenant SaaS where every table row must be scoped to a single organization. Enforces the FORCE ROW LEVEL SECURITY + USING + WITH CHECK triple on every tenant-bound table, and wraps application queries in an `orgQuery(orgId)` helper that sets `app.current_org_id` before each statement. Do NOT use for cross-org system queries such as billing cron jobs or admin panels (those bypass RLS intentionally via the service role); use a service-role query wrapper instead.

0 Updated today

jacob-balslev

API & Backend Listed

supabase-rls-security-reviewer

Review Supabase RLS, grants, schema exposure, views, and SQL function privilege boundaries. Use for policy design, auth-sensitive migrations, exposed-schema review, security-definer risk, and least-privilege database hardening.

5 Updated today

conectlens

API & Backend Listed

rls-performance

Postgres + Supabase RLS 效能診斷與優化手冊。Use when 寫/改 RLS policy、跑 EXPLAIN ANALYZE、排查 PGRST003 pool timeout、設計 index、優化 pagination、使用者抱怨 API 變慢、或需要診斷 connection pool 問題時。涵蓋 pg_stat_activity 診斷、角色對照、self-hosted LXC 責任模型、效能基準與事故恢復 SOP。

45 Updated today

YuDefine