You're reading from Building Production-Grade Web Applications with Supabase A comprehensive guide to database design, security, real-time data, storage, multi-tenancy, and more

Product type Paperback

Published in Aug 2024

Publisher Packt

ISBN-13 9781837630684

Length 534 pages

Edition 1st Edition

Languages

Typescript

Tools

Next.js

Concepts

Application Development

Author (1):

David Lorenz

View More author details

Table of Contents (20) Chapters

Preface

1. Part 1:Creating the Foundations of the Ticket System App

2. Chapter 1: Unveiling the Inner Workings of Supabase and Introducing the Book’s Project FREE CHAPTER

3. Chapter 2: Setting Up Supabase with Next.js

4. Chapter 3: Creating the Ticket Management Pages, Layout, and Components

5. Part 2: Adding Multi-Tenancy and Learning RLS

6. Chapter 4: Adding Authentication and Application Protection

7. Chapter 5: Crafting Multi-Tenancy through Database and App Design

8. Chapter 6: Enforcing Tenant Permissions with RLS and Handling Tenant Domains

9. Chapter 7: Adding Tenant-Based Signups, including Google Login

10. Part 3: Managing Tickets and Interactions

11. Chapter 8: Implementing Dynamic Ticket Management

12. Chapter 9: Creating a User List with RPCs and Setting Ticket Assignees

13. Chapter 10: Enhancing Interactivity with Realtime Comments

14. Chapter 11: Adding, Securing, and Serving File Uploads with Supabase Storage

15. Part 4: Diving Deeper into Security and Advanced Features

16. Chapter 12: Avoiding Unwanted Data Manipulation and Undisclosed Exposures

17. Chapter 13: Adding Supabase Superpowers and Reviewing Production Hardening Tips

18. Index

Why subscribe?

19. Other Books You May Enjoy

Enabling column-level security/working with roles

In this section, I want to onboard you to column-level security (CLS). This could probably fill a chapter on its own. While most people can live well without CLS, this section will allow you to decide whether you want to implement it.

Understanding CLS semantically is actually simple. You can define which database roles will be able to perform which operations on which columns. For instance, in a table such as service_users, you could define that a specific role can only read (SELECT) the id column. Trying to select anything else from that table will lead to failure then. CLS, being column-based, can be applied to SELECT, UPDATE, and INSERT (columns cannot be deleted; hence, DELETE always refers to a row that you want to control with RLS policies, not CLS).

Let’s say we wanted the tickets table to only allow you to update the assignee column with CLS. First, we would have to revoke all UPDATE rights on that table to be...