Replies: 1 comment
-
The typical way is to block selects with RLS and then use a security definer function called with rpc to take your id as a parameter and return only the rows based on the id and or limited to a certain number. The API does limit to 1000 rows by default but that is a global setting. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Is there a way to prevent someone from using the API to get all rows from a specific table, while still allowing some look-up by id? Like implementing a max number of rows returned while making the range selector not usable?
Example: a
users
table. I want to be able to show data from let's say 10 users on a page, but I don't want someone to be able to fetch all the 10,000 users's data.I saw a previous RLS discussion about that feature, but I couldn't make it work: https://github.com/orgs/supabase/discussions/28858
Beta Was this translation helpful? Give feedback.
All reactions