Skip to main content
Supabase Security Guide
Q&ASupabase

What is Row Level Security (RLS) in Supabase and why does it matter?

Row Level Security (RLS) is a PostgreSQL feature that Supabase exposes to control which rows a user can access in a database table. Without RLS policies enabled, any user with the anon key can read, insert, update, or delete all rows in a table through the Supabase REST API. RLS policies act as WHERE clauses that are automatically appended to every query, ensuring users only access data they are authorized to see. Enabling RLS on every table is considered a fundamental security requirement when building with Supabase. UNPWNED checks whether your Supabase project has RLS enabled and flags tables that are publicly accessible without policies.

Check your Supabase app now

Run free security scan

Last reviewed: 2026-04-07. Based on publicly available security research and UNPWNED scan telemetry.

Related Questions

Is Supabase secure by default?How do I check if RLS is enabled on my Supabase tables?

More Supabase Security Questions

Is Supabase secure by default?How do I check if RLS is enabled on my Supabase tables?Can Supabase data be accessed without authentication?What is the difference between the Supabase service_role key and the anon key?How do I secure Supabase Storage buckets?How secure are Supabase Edge Functions?