
My Experience With RLS

I’ve been using Supabase lately for a new project and had the opportunity to work with Postgres’s row level security (RLS). It’s been interesting, to say the least. I can see its usefulness, but it has some foot-gun properties that are kind of hard to get used to if you’ve never used it before.

The Good

- Abstracts permissions down to the database layer
- Simplifies queries in the application layer
- Keeps users limited to only their data set

The Bad

- It’s really easy to forget to set up the proper policies
- Policies for complex relationships get complicated quickly
- Can cause really hard debug paths if you have an elevated login

Conclusion

So those seem like pretty significant cons, so is it worth it?
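A quick way to check the first and last points under The Bad, added here as an example and not taken from the original post: these catalog queries list tables whose RLS setup is missing or empty, and the roles that skip RLS entirely. The `public` schema filter is an assumption; change it to wherever your application tables live.

```sql
-- Added example (not from the original post).
-- Assumption: application tables live in the "public" schema.

-- 1. Per-table RLS coverage: is RLS switched on, and how many policies exist?
SELECT n.nspname             AS schema_name,
       c.relname             AS table_name,
       c.relrowsecurity      AS rls_enabled,
       c.relforcerowsecurity AS rls_forced,   -- false: the table owner bypasses policies
       count(p.polname)      AS policy_count,
       CASE
         WHEN NOT c.relrowsecurity
           THEN 'RLS disabled: table grants alone decide access'
         WHEN count(p.polname) = 0
           THEN 'RLS enabled, no policies: non-owners see zero rows'
         ELSE 'has policies'
       END                   AS finding
FROM pg_class c
JOIN pg_namespace n   ON n.oid = c.relnamespace
LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE c.relkind IN ('r', 'p')        -- ordinary and partitioned tables
  AND n.nspname = 'public'
GROUP BY n.nspname, c.relname, c.relrowsecurity, c.relforcerowsecurity
ORDER BY c.relrowsecurity, policy_count, c.relname;

-- 2. Roles that never have policies applied to them.
--    Queries run as one of these return every row, which is why a policy
--    can look correct from an elevated login and still be wrong for users.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls
ORDER BY rolname;

-- 3. Is the session you are debugging from one of them?
SELECT current_user,
       r.rolsuper,
       r.rolbypassrls,
       current_setting('row_security') AS row_security
FROM pg_roles r
WHERE r.rolname = current_user;
```

Any table reported by the first query as disabled or policy-less is worth reviewing before it ships; if the third query shows `rolsuper` or `rolbypassrls` as true, test policies from a non-privileged role instead.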