Skip to main content
Supabase Security Guide
Q&ASupabase

How do I check if RLS is enabled on my Supabase tables?

You can check RLS status in the Supabase Dashboard by navigating to the Table Editor and looking for the RLS badge on each table. Alternatively, you can run the SQL query SELECT tablename, rowsecurity FROM pg_tables WHERE schemaname = 'public' in the SQL Editor to see which tables have RLS enabled. Tables showing rowsecurity as false are exposed to any authenticated or anonymous request through the API. Supabase also shows a warning banner in the dashboard when tables lack RLS. UNPWNED automatically detects tables without RLS and reports them as critical security findings.

Check your Supabase app now

Run free security scan

Last reviewed: 2026-04-07. Based on publicly available security research and UNPWNED scan telemetry.

Related Questions

What is Row Level Security (RLS) in Supabase and why does it matter?What are the security best practices for Supabase?

More Supabase Security Questions

What is Row Level Security (RLS) in Supabase and why does it matter?Is Supabase secure by default?Can Supabase data be accessed without authentication?What is the difference between the Supabase service_role key and the anon key?How do I secure Supabase Storage buckets?How secure are Supabase Edge Functions?