Lovable database

RLS Allows SELECT But Blocks INSERT/UPDATE

Users can read data from table but cannot insert or update. 'permission denied' error on insert/update despite having select access. RLS policies inconsistently applied across operations.

Each database operation (SELECT, INSERT, UPDATE, DELETE) needs its own RLS policy. Common mistake is creating only SELECT policy and assuming others inherit.

Error Messages You Might See

permission denied for table insert or update on table violates policy Violation of row-level security policy
permission denied for tableinsert or update on table violates policyViolation of row-level security policy

Common Causes

  1. INSERT policy doesn't exist or uses wrong auth check
  2. WITH CHECK clause missing from INSERT policy
  3. UPDATE policy missing or references wrong columns
  4. Policy targets wrong role (anon vs authenticated)
  5. Multiple conflicting policies with AND logic

How to Fix It

Create separate policies for each operation:

-- SELECT policy
CREATE POLICY "Read own data" ON users
FOR SELECT USING (auth.uid() = id);

-- INSERT policy  
CREATE POLICY "Create own user" ON users
FOR INSERT WITH CHECK (auth.uid() = id);

-- UPDATE policy
CREATE POLICY "Update own data" ON users
FOR UPDATE USING (auth.uid() = id)
WITH CHECK (auth.uid() = id);

Real developers can help you.

ISHANTDEEP SINGH ISHANTDEEP SINGH Senior Software Engineer with 7+ years of experience in React, JavaScript, TypeScript, Next.js, and Node.js. I’ve also worked as a tech lead for startups, owning end-to-end technical execution including architecture, development, scaling, and delivery. I bring a strong mix of hands-on coding, product thinking, and technical leadership, and I’m comfortable building products from scratch as well as improving and scaling existing systems. Pratik Pratik SWE with 15+ years of experience building and maintaining web apps and extensive BE infrastructure Omar Faruk Omar Faruk As a Product Engineer at Klasio, I contributed to end-to-end product development, focusing on scalability, performance, and user experience. My work spanned building and refining core features, developing dynamic website templates, integrating secure and reliable payment gateways, and optimizing the overall system architecture. I played a key role in creating a scalable and maintainable platform to support educators and learners globally. I'm enthusiastic about embracing new challenges and making meaningful contributions. Jen Jacobsen Jen Jacobsen I’m a Full-Stack Developer with over 10 years of experience building modern web and mobile applications. I enjoy working across the full product lifecycle — turning ideas into real, well-built products that are intuitive for users and scalable for businesses. I particularly enjoy building mobile apps, modern web platforms, and solving complex technical problems in a way that keeps systems clean, reliable, and easy to maintain. Yovel Cohen Yovel Cohen I got a lot of experience in building Long-horizon AI Agents in production, Backend apps that scale to millions of users and frontend knowledge as well. MFox MFox Full-stack professional senior engineer (15+years). Extensive experience in software development, qa, and IP networking. Anthony Akpan Anthony Akpan Developer with 8 years of experience building softwares fro startups Meïr Ankri Meïr Ankri Full-stack developer specializing in React / Next.js / Node.js with 6+ years of experience. I've worked across various sectors including automotive (Reezocar/Société Générale), healthcare (Medical Link SaaS), and e-commerce (Glasman). I build web apps end-to-end, from architecture to production, with a focus on scalability, performance, and code quality. I also mentor junior developers and contribute to technical decisions and code reviews. Nam Tran Nam Tran 10 years as fullstack developer Costea Adrian Costea Adrian Embedded Engineer specilizing in perception systems. Latest project was a adas camera calibration system.

You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.

Get Help

Frequently Asked Questions

What's the difference between USING and WITH CHECK?

USING: checks rows before operation (for SELECT/UPDATE/DELETE). WITH CHECK: validates new row data (for INSERT/UPDATE).

Do I need separate policy per operation?

Yes, each operation (SELECT, INSERT, UPDATE, DELETE) needs its own FOR clause and policy.

Related Lovable Issues

Data Not Saving to Supabase Database

database

Realtime Subscriptions Not Receiving Updates

database

Database Migration Fails During Deployment

database

Foreign Key Constraint Violation on Delete/Update

database

Can't fix it yourself?
Real developers can help.

You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.

Get Help