Is Supabase RLS enough for my SaaS application?

Question

Hey Hackers,I'm building a SaaS http://cheatsheet.framer.ai/Currently I'm using React - Supabase only.The Supabase RLS code is getting pretty complicated.To what extent should I use it? Moreover, should I use it along with NestJS or should I completely shift?

kiwicopple · Accepted Answer

> Currently I'm using ReactIf you're using pure react (client side) with the Supabase APIs, then RLS is all you need (just make sure you are using the anon key, not the service_role key)If you are using something like Next.js, then you can use the service_role key on any server-side routes. This will bypass Row Level Security, so make sure you use your own Auth system inside the server routes> should I use it along with NestJS or should I completely shift?You can use Supabase just as a Postgres database. Just leave RLS on (to disable anonymous access) then connect to it from NestJs using the "postgres" role/password that you set up when you created the project. There's no need to shift, especially if you are thinking to shift to another Postgres host

leros · Answer

I haven't used Supabase but I tried using Firestore with security rules for a project. I reached a point where my business logic just couldn't be done in rules like that and I had to resort to doing security in code. It just depends what needs your app has.