How to fix infinite recursion in Supabase multi-tenant RLS policies
Developers building multi-tenant apps on Supabase can accidentally create infinite recursion when Row Level Security policies on one table query another RLS-protected table, such as checking workspace membership inside a project access policy. The loop occurs because the policy on the projects table queries workspace_members, which itself triggers its own RLS evaluation, cycling indefinitely. The recommended fix is to wrap the membership lookup in a SECURITY DEFINER SQL function, which bypasses RLS and resolves workspace IDs using the definer's privileges instead of re-triggering policy checks. Setting search_path to an empty string within the function prevents search-path hijacking, a known security risk with SECURITY DEFINER functions. This pattern should be applied to all tenant-scoped tables, covering both read policies and write policies using WITH CHECK on inserts.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in