Supabase is cracking down on security.
Signed-In Users Can Execute SECURITY DEFINER Function
With these functions:
rbac._validate_grantable_roles(p_roles text[])
rbac._validate_permissions(p_permissions text[])
rbac._validate_roles(p_roles text[])
rbac.accept_invite(p_invite_id uuid)
Detects SECURITY DEFINER functions that are callable by signed-in users.
Revoke EXECUTE, switch the function to SECURITY INVOKER,
or move it out of your exposed API schema if signed-in users should not call it.
I'm not sure if there is a way around this ?
If you revoke authenticated, then the parent may not be able to run it?
J
Supabase is cracking down on security.
With these functions:
I'm not sure if there is a way around this ?
If you revoke
authenticated, then the parent may not be able to run it?J