RLS · Row Level Security
Row Level Security (RLS) is a PostgreSQL feature that applies per-row access policies based on the current session's role and claims. On Supabase, RLS is the primary mechanism by which apps prevent one user from reading another user's data through the public API.
In plain English
Rules that decide, row by row, who can see what. Turn it on for every public table.
Why it matters
Without RLS, any table exposed to Supabase's Data API is readable by anyone with the anon key · which ships in every browser. RLS is the single most important security setting in a Supabase project. See the full RLS guide for setup.
Related terms
Frequently asked
Does enabling RLS block all reads?
Yes · until you add at least one policy. That's the safe default.
Is RLS Supabase-specific?
No · it's a Postgres feature. Supabase makes it central because the Data API bypasses application-layer auth.