Supabase RLS Policy Config
API Contract
REST
/api/v1/admin/policies
8 endpoints
GET
/api/v1/admin/policies/api/v1/admin/policies
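List all active RLS policies
Public (this label appears on all 8 endpoints of this admin API, including those that apply, update, delete and export policies; confirm whether "Public" means unauthenticated access, because these routes read and change database access control)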
Response Example
{
"data": [
{
"policy_id": "pol_orgAdmin_users",
"table": "users",
"scope": "org_admin",
"operation": "SELECT",
"active": true
},
{
"policy_id": "pol_superAdmin_all",
"table": "*",
"scope": "super_admin",
"operation": "ALL",
"active": true
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 14
}
}
GET
/api/v1/admin/policies/api/v1/admin/policies/:id
Get a single RLS policy definition
Public
Response Example
{
"data": {
"policy_id": "pol_orgAdmin_users",
"table": "users",
"scope": "org_admin",
"operation": "SELECT",
"sql": "CREATE POLICY org_admin_users_select ON users FOR SELECT USING (org_id = ANY(get_admin_org_ids(auth.uid())))",
"active": true,
"created_at": "2025-06-01T00:00:00Z"
}
}
POST
/api/v1/admin/policies/api/v1/admin/policies/apply/org-admin
Apply org-admin RLS policies to Supabase
Public
Request Example
{
"dry_run": false
}
Response Example
{
"data": {
"policies_applied": 8,
"dry_run": false,
"applied_at": "2026-03-26T12:00:00Z"
}
}
POST
/api/v1/admin/policies/api/v1/admin/policies/apply/super-admin
Apply super-admin RLS policies to Supabase
Public
Request Example
{
"dry_run": false
}
Response Example
{
"data": {
"policies_applied": 6,
"dry_run": false,
"applied_at": "2026-03-26T12:01:00Z"
}
}
PUT
/api/v1/admin/policies/api/v1/admin/policies/:id
Update an existing RLS policy definition
Public
Request Example
{
"active": false
}
Response Example
{
"data": {
"policy_id": "pol_orgAdmin_users",
"active": false,
"updated_at": "2026-03-26T13:00:00Z"
}
}
DELETE
/api/v1/admin/policies/api/v1/admin/policies/:id
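Remove an RLS policy (super-admin only; this conflicts with the "Public" access label shown for this endpoint, so the contract should state which one applies and the role check must be enforced server-side)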
Public
Response Example
{
"data": {
"policy_id": "pol_orgAdmin_users",
"deleted": true
}
}
GET
/api/v1/admin/policies/api/v1/admin/policies/validate
Validate all current RLS policies against expected config
Public
Response Example
{
"data": {
"valid": true,
"total_checked": 14,
"failures": [],
"warnings": [
{
"policy_id": "pol_orgAdmin_activities",
"message": "Policy uses deprecated function get_org_scope_v1"
}
],
"validated_at": "2026-03-26T12:30:00Z"
}
}
GET
/api/v1/admin/policies/api/v1/admin/policies/sql
Export all RLS policy SQL as a migration script
Public
Response Example
{
"data": {
"sql": "-- Org Admin Policies\nCREATE POLICY org_admin_users_select ON users FOR SELECT USING (...);\nCREATE POLICY org_admin_activities_select ON activities FOR SELECT USING (...);\n-- Super Admin Policies\nCREATE POLICY super_admin_all ON users FOR ALL USING (is_super_admin(auth.uid()));",
"policy_count": 14,
"generated_at": "2026-03-26T12:30:00Z"
}
}