This project implements a scalable multi-tenant architecture using Supabase and PostgreSQL's Row Level Security (RLS) features. It provides a robust foundation for building secure, isolated, and scalable applications with multiple workspaces.
- Multiple Tenants (Workspaces): Support for multiple tenants with data isolation.
- Row Level Security (RLS): Comprehensive setup with scalable policies for access control.
- Tenant Data Isolation: Ensures data separation between different tenants.
- Supabase Auth Hook Integration: Hook for adding user tenant permissions.
- Tenant Resource Usage Tracking: Table to monitor resource usage per tenant (WIP).
- Supabase account
- Supabase CLI or `npx`
- Git
- Create a new Supabase project at database.new.
- Set up your local environment:

  ```bash
  mkdir project-name
  cd project-name
  git init
  ```
- Install Supabase CLI or use `npx`.
- Run setup commands:

  ```bash
  supabase login
  supabase link --project-ref <project_id>
  supabase db reset --linked
  ```

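Ensure each user has a `workspace_id` in the `app_metadata` JSONB. Set it from your application's backend with a Supabase `service_role` admin client when creating a user:

```js
import { createClient } from "@supabase/supabase-js";

// Server-side only: the service_role key bypasses RLS and must never reach the browser.
// SUPABASE_API_URL, SERVICE_ROLE_KEY, userId and workspaceId are supplied by your application.
const supabaseServiceRoleInstance = createClient(SUPABASE_API_URL, SERVICE_ROLE_KEY, {
  db: {
    schema: "base"
  }
});

// Store the tenant under the workspace_id key described above.
await supabaseServiceRoleInstance.auth.admin.updateUserById(userId, {
  app_metadata: {
    workspace_id: workspaceId
  },
});
```
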
New workspaces can only be created using the Supabase `service_role`.

When creating new tables, follow this guide for implementing appropriate RLS policies to maintain data isolation and access control.
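
A sketch of tenant-scoped policies for a new table, added here as an example and not taken from this project's migrations or its guide. The table `base.documents`, the helper `base.current_workspace_id()`, the `uuid` key type and reading `workspace_id` straight from the JWT's `app_metadata` are assumptions.

```sql
-- Hypothetical table; name, columns and the uuid workspace key are assumptions.
create table base.documents (
  id           uuid primary key default gen_random_uuid(),
  workspace_id uuid not null,
  title        text not null,
  created_at   timestamptz not null default now()
);

-- Policies have no effect until RLS is enabled on the table.
alter table base.documents enable row level security;

-- Hypothetical helper: tenant claim from the signed JWT. app_metadata is only
-- writable with the service_role key; user_metadata is user-editable and must
-- not be used for authorization. A missing claim yields NULL, which fails
-- every comparison below, so access is denied by default.
create or replace function base.current_workspace_id()
returns uuid
language sql
stable
as $$
  select nullif(auth.jwt() -> 'app_metadata' ->> 'workspace_id', '')::uuid
$$;

-- Wrapping the call in (select ...) lets the planner evaluate it once per
-- statement instead of once per row.
create policy documents_select on base.documents
  for select to authenticated
  using (workspace_id = (select base.current_workspace_id()));

create policy documents_insert on base.documents
  for insert to authenticated
  with check (workspace_id = (select base.current_workspace_id()));

-- USING limits which rows can be updated; WITH CHECK stops a row from being
-- moved into another workspace by rewriting workspace_id.
create policy documents_update on base.documents
  for update to authenticated
  using (workspace_id = (select base.current_workspace_id()))
  with check (workspace_id = (select base.current_workspace_id()));

create policy documents_delete on base.documents
  for delete to authenticated
  using (workspace_id = (select base.current_workspace_id()));

-- Every policy filters on workspace_id, so index it.
create index documents_workspace_id_idx on base.documents (workspace_id);
```

Claims are fixed when the token is issued, so a change to `app_metadata` takes effect only after the user's session is refreshed.
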
- Support for users belonging to multiple tenants
- Implementation of unit tests
- Policies for `workspace_resource_usage` table
- Functionality to seed sample data

Contributions are welcome! Please refer to our contributing guidelines for more information.
For more detailed information on RLS policies, functions, and specific implementation details, please refer to this guide.