This skill should be used when the user requests to generate, create, or add Row-Level Security (RLS) policies for Supabase databases in multi-tenant or role-based applications. It generates comprehensive RLS policies using auth.uid(), auth.jwt() claims, and role-based access patterns. Trigger terms include RLS, row level security, supabase security, generate policies, auth policies, multi-tenant security, role-based access, database security policies, supabase permissions, tenant isolation.
View on GitHubhopeoverture/worldbuilding-app-skills
supabase-rls-policy-generator
plugins/supabase-rls-policy-generator/skills/supabase-rls-policy-generator/SKILL.md
January 21, 2026
Select agents to install to:
npx add-skill https://github.com/hopeoverture/worldbuilding-app-skills/blob/main/plugins/supabase-rls-policy-generator/skills/supabase-rls-policy-generator/SKILL.md -a claude-code --skill supabase-rls-policy-generatorInstallation paths:
.claude/skills/supabase-rls-policy-generator/# Supabase RLS Policy Generator To generate comprehensive Row-Level Security policies for Supabase databases, follow these steps systematically. ## Step 1: Analyze Current Schema Before generating policies: 1. Ask user for the database schema file path or table names 2. Read the schema to understand table structures, foreign keys, and relationships 3. Identify tables that need RLS protection 4. Determine the security model: multi-tenant, role-based, or hybrid ## Step 2: Identify Security Requirements Determine access patterns by asking: - Is this a multi-tenant application? (tenant_id isolation) - What roles exist in the system? (admin, user, viewer, etc.) - Are there public vs private resources? - Do users need to share resources across accounts? - Are there hierarchical permissions? (organization > team > user) Consult `references/rls-patterns.md` for common security patterns. ## Step 3: Generate RLS Policies For each table requiring protection, generate policies following this structure: ### Enable RLS ```sql ALTER TABLE table_name ENABLE ROW LEVEL SECURITY; ``` ### Policy Types to Generate **SELECT Policies** - Control read access: - User can view their own records - User can view records in their tenant - Role-based viewing (admins see all) - Public records accessible to all authenticated users **INSERT Policies** - Control creation: - User can create records with their own user_id - User can create records in their tenant - Role-based creation restrictions **UPDATE Policies** - Control modifications: - User can update their own records - Admins can update all records - Tenant-scoped updates **DELETE Policies** - Control deletion: - User can delete their own records - Admin-only deletion - Tenant-scoped deletion ### Policy Templates Use templates from `assets/policy-templates.sql`: **Basic User Ownership**: ```sql CREATE POLICY "Users can view own records" ON table_name FOR SELECT USING (auth.uid() = user_id); ``` **Multi-Tenant Isolation*