These breaking changes are rolling out on October 15, 2024 and affects only organizations on the Enterprise plan that have implemented project permissions with members assigned the Developer role.
Supabase launched new granular access control for Enterprise organizations so that its members are given access to specific projects instead of the entire organization. You can check out our Launch Week 12 announcement to learn more.
We recently re-evaluated the access that the Developer role has and decided to implement changes to restrict them on a couple of resources to improve your project's security.
On October 15, 2024, we will turn off certain access that the Developer role currently has to your project's resources. The following table is to illustrate all of the breaking changes that will be going into effect:
| Resource | Action | Developer | Read-Only |
|---|---|---|---|
| API Configuration | |||
| JWT Secret | Generate new | ✅ → ❌ | ❌1 |
| API Settings | Update | ✅ → ❌ | ❌1 |
| Auth Configuration | |||
| Auth Settings | Update | ✅ → ❌ | ❌1 |
| Advanced Settings | Update | ✅ → ❌ | ❌1 |
| Storage Configuration | |||
| Upload Limit | Update | ✅ → ❌ | ❌1 |
| S3 access keys | Create | ✅ → ❌ | ❌1 |
| Delete | ✅ → ❌ | ❌1 | |
| Edge Functions Configuration | |||
| Secrets | Create | ✅ → ❌ | ❌1 |
| Delete | ✅ → ❌ | ❌1 | |
| Authentication | |||
| Providers | Update | ✅ → ❌ | ❌1 |
| Rate Limits | Update | ✅ → ❌ | ❌1 |
| Email Templates | Update | ✅ → ❌ | ❌1 |
| URL Configuration | Update | ✅ → ❌ | ❌1 |
| Logs & Analytics | |||
| Events Collections | Create | ✅ → ❌ | ❌1 |
| Update | ✅ → ❌ | ❌1 | |
| Delete | ✅ → ❌ | ❌1 | |
| Warehouse Access Tokens | Create | ✅ → ❌ | ❌1 |
| Revoke | ✅ → ❌ | ❌1 |
You can learn more about our Platform Access Control here: https://supabase.com/docs/guides/platform/access-control.
If you have any questions or concerns please contact support.