Infrastructure | high complexity | Shared Component | backend

Dependencies: 0
Dependents: 0
Entities: 6
Integrations: 1

Description

Database-level row-level security policy definitions for org_admin and super_admin roles in Supabase. Policies are applied to the users, activities, reimbursements, and organisations tables so that org_admin can only SELECT/UPDATE rows belonging to their org subtree. super_admin policies allow cross-org read access for Norse/global administrators.

Feature: Organisation Admin Portal

supabase-rls-policy-config

Summaries

Row-Level Security policies are the foundational data governance layer that enforces organisational boundaries directly within the database engine. By ensuring that org administrators can only ever see and modify records belonging to their own organisational subtree, the system eliminates an entire class of data-leakage risk that could expose sensitive reimbursement and activity records across unrelated organisations. This protection operates automatically at the database tier, meaning no single bug in application code can accidentally expose cross-org data. For Norse-level administrators the super_admin policies grant the necessary cross-org visibility for global oversight without relaxing controls for lower-tier admins.

The practical business outcome is demonstrable compliance with data-privacy regulations, reduced liability exposure, and a trustworthy multi-tenant platform that organisations can confidently adopt.

This component carries high implementation complexity because RLS policies must be designed, tested, and validated for every combination of role and table before any other admin feature can ship safely. It has no upstream dependencies, but virtually every admin-facing feature depends on it being correct, making it a critical-path item that must be completed early in the delivery schedule. QA effort is substantial: testers must verify policy coverage for each table and role pairing, including edge cases around org subtree boundaries and super_admin bypass. Any gap discovered late in the cycle requires a coordinated database migration, regression testing of all affected endpoints, and potential hotfix deployment.

Treat this as a foundational sprint-one deliverable and allocate dedicated security-review time before sign-off.

This infrastructure component encapsulates all Supabase Row-Level Security SQL for the org_admin and super_admin roles, targeting the users, activities, reimbursements, and organisations tables. The applyOrgAdminPolicies(supabase) function generates and executes USING clauses that walk the org hierarchy to restrict SELECT and UPDATE to rows whose organisation falls within the caller's subtree, typically via a recursive CTE or array-contains check on an org_path column. applySuperAdminPolicies(supabase) installs permissive bypass policies checked after the org_admin policies. validatePolicies() introspects pg_policies to confirm all expected policy names exist and are enabled, providing a health-check suitable for CI.

getPolicySql() returns the raw DDL for audit or migration tooling. Because Supabase enforces RLS at the Postgres session level, these policies apply to all clients including direct SDK calls and PostgREST, making them the authoritative enforcement boundary regardless of application-layer logic.
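
The SQL below is an added example, not the component's own DDL: it shows the array-contains variant of the subtree check for the reimbursements table, a read-only super_admin policy, and a pg_policies health check of the kind validatePolicies() is described as running. Assumptions: org_path is a uuid[] of a row's ancestor org ids plus its own, the role and org id are custom JWT claims under app_metadata, and all policy names are hypothetical. The same pattern would be repeated for users, activities, and organisations.

```sql
-- Added example; column, claim and policy names are assumptions (see lead-in).
ALTER TABLE reimbursements ENABLE ROW LEVEL SECURITY;
-- FORCE also filters the table owner; roles with BYPASSRLS still skip policies.
ALTER TABLE reimbursements FORCE ROW LEVEL SECURITY;

-- org_admin reads only rows whose org_path contains the caller's org id.
CREATE POLICY org_admin_select_reimbursements ON reimbursements
  FOR SELECT TO authenticated
  USING (
    (auth.jwt() -> 'app_metadata' ->> 'role') = 'org_admin'
    AND org_path @> ARRAY[(auth.jwt() -> 'app_metadata' ->> 'org_id')::uuid]
  );

-- UPDATE: USING limits which rows can be targeted; WITH CHECK rejects a new
-- row version whose org_path has been rewritten to leave the caller's subtree.
CREATE POLICY org_admin_update_reimbursements ON reimbursements
  FOR UPDATE TO authenticated
  USING (
    (auth.jwt() -> 'app_metadata' ->> 'role') = 'org_admin'
    AND org_path @> ARRAY[(auth.jwt() -> 'app_metadata' ->> 'org_id')::uuid]
  )
  WITH CHECK (
    (auth.jwt() -> 'app_metadata' ->> 'role') = 'org_admin'
    AND org_path @> ARRAY[(auth.jwt() -> 'app_metadata' ->> 'org_id')::uuid]
  );

-- super_admin: cross-org read only. Permissive policies for the same command
-- are OR-ed by Postgres, so this widens SELECT without touching UPDATE.
CREATE POLICY super_admin_select_reimbursements ON reimbursements
  FOR SELECT TO authenticated
  USING ((auth.jwt() -> 'app_metadata' ->> 'role') = 'super_admin');

-- Health check: returns one row per problem, zero rows when coverage is complete.
-- pg_policies has no "enabled" flag; enablement is per table (relrowsecurity).
WITH expected(tablename, policyname) AS (
  VALUES ('reimbursements', 'org_admin_select_reimbursements'),
         ('reimbursements', 'org_admin_update_reimbursements'),
         ('reimbursements', 'super_admin_select_reimbursements')
)
SELECT e.tablename,
       e.policyname,
       COALESCE(c.relrowsecurity, false) AS rls_enabled,
       p.policyname IS NOT NULL          AS policy_present
FROM expected e
LEFT JOIN pg_class c
       ON c.oid = to_regclass('public.' || e.tablename)
LEFT JOIN pg_policies p
       ON p.schemaname = 'public'
      AND p.tablename  = e.tablename
      AND p.policyname = e.policyname
WHERE c.relrowsecurity IS NOT TRUE OR p.policyname IS NULL;
```

A CI job can fail the build whenever the final query returns any rows.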

Responsibilities

  • Define RLS policies for org_admin role scoping all tables to org subtree
  • Define super_admin bypass policies for cross-org visibility
  • Ensure policies apply to all relevant tables without gaps

Interfaces

applyOrgAdminPolicies(supabase) -> void
applySuperAdminPolicies(supabase) -> void
validatePolicies() -> PolicyValidationResult
getPolicySql() -> String

Used Integrations (1)

External integrations and APIs this component relies on

API Contract

REST /api/v1/admin/policies (8 endpoints)

  • GET /api/v1/admin/policies: List all active RLS policies
  • GET /api/v1/admin/policies/:id: Get a single RLS policy definition
  • POST /api/v1/admin/policies/apply/org-admin: Apply org-admin RLS policies to Supabase
  • POST /api/v1/admin/policies/apply/super-admin: Apply super-admin RLS policies to Supabase
  • PUT /api/v1/admin/policies/:id: Update an existing RLS policy definition
  • DELETE /api/v1/admin/policies/:id: Remove an RLS policy (super-admin only)
+2 more