started using supabase with rls and at first it felt pretty straightforward
then I added a few more policies and things got confusing fast
nothing really broke, but the results didn't always make sense and it was hard to tell why
i kept second guessing whether my setup was actually correct or just looked correct
so I built a small tool called rlsmon to make it easier to see what's going on
it audits configs, shows how policies behave across roles, and lets me track changes over time
quick way to try it:
npx rlsmon <connection-string>
still early, but it's already helped me catch some weird edge cases
would love feedback if anyone here has dealt with similar rls pain
github: https://github.com/lasect/rlsmon
EpicGamerRyukYT shares their experience with the complexity of Row Level Security (RLS) in Supabase, noting that while nothing broke, the behavior of policies was confusing. To address this, they developed a tool called 'rlsmon' to audit configurations and track policy behavior across roles. They invite feedback from others who have experienced similar challenges.
You can already see your policies in the supabase studio
yeah supabase studio has a solid policy viewer
i was more focused on auditing and actually reasoning about how policies behave across roles, especially as things grow
that’s where rlsmon has been useful for me