User permissions are too open
jcoresongres opened this issue · 0 comments
jcoresongres commented
Bug report
Describe the bug
The permissions are too open. The supabase_admin user is a superuser and can do pretty much everything to the database.
When we're using an approach where the schema can be initialized by a superuser, there should be no need to have more permissions after the schema has been created (here by a script).
This should be restricted to an exhaustive list of permissions and what's required on Supabase's side. It should also be defined more clearly which users/roles are required from Supabase's side during runtime.