Welcome to Suparbac

A friendly RBAC for your Supabase

TL;DR: Suparbac is an open-source, self-hosted service that lets developers add RBAC to their Supabase apps. Check out the repo.


Supabase

Supabase currently utilizes Row Level Security (RLS) for managing user permissions. This approach offers a powerful level of control, allowing you to define granular access rules for specific data rows. However, RLS can be quite technical. Understanding and implementing it effectively often requires significant coding expertise (specifically SQL), which can be a hurdle for some developers.

Supabase offers an example of leveraging custom claims within user JWTs to implement Role-Based Access Control (RBAC) using RLS. Additionally, this repo explores a similar concept with lots of features. You can adapt it for your project if you feel comfortable with managing and upgrading SQL extensions.

Another option is to leverage a third-party RBAC provider. This repo offers an example of how integration might work. However, integrating a third-party solution typically requires significant changes to your existing apps.

Suparbac

Suparbac takes a different approach. It is designed to be a developer-friendly drop-in for user access control management.

In terms of architecture, Suparbac functions as a proxy server, sitting between your web/apps and your Supabase database. It intercepts all requests and verifies user permissions against your designated users table before granting access.


The benefits of this approach:

  • Since Suparbac handles most of the logic, developers can easily benefit from its functionalities without writing additional code.

  • As Suparbac works at the application layer, incorporating functionalities beyond tables and views, like RPC, should be relatively straightforward.

As a new project, Suparbac is still under development and has some rough edges:

  • Introducing a proxy layer to your apps may add slight latency. For optimal performance, deploy Suparbac near your Supabase instance.

  • Despite the name, this currently only supports assigning permissions on a user-by-user basis. To add role-based permissions or other complex scenarios, submit a feature request on GitHub.

  • Accessing data from joined tables is not tested and might not work as expected.

  • Let me know of any other potential issues.
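To make the proxy model concrete, here is a sketch of the per-request decision such a proxy has to make, covering per-user grants, RPC calls and joined (embedded) tables. It is an added example, not Suparbac's code: the grant format, the function names and the sample users are assumptions.

```javascript
// Constructed per-user grants (hypothetical format, not Suparbac's schema).
const PERMISSIONS = new Map([
  ["user-1", new Map([["todos", ["read", "create"]], ["profiles", ["read"]]])],
  ["user-2", new Map([["todos", ["read"]], ["rpc/close_todo", ["execute"]]])],
]);

// HTTP verbs on /rest/v1/<table> mapped to the action the proxy authorizes.
const METHOD_ACTION = new Map([
  ["GET", "read"], ["HEAD", "read"], ["POST", "create"],
  ["PATCH", "update"], ["DELETE", "delete"],
]);

// Resource names embedded in a PostgREST select list, e.g. "id,orders(id,items(*))".
// Handles "alias:table(", "table!hint(" and "...table(". Names that are not
// granted resources (FK-name targets, aggregates like "amount.sum()") fail closed.
function embeddedResources(select) {
  const names = [];
  for (const m of select.matchAll(/([^,()]+)\(/g)) {
    names.push(m[1].trim().split(":").pop().split("!")[0].replace(/^\.\.\./, ""));
  }
  return names;
}

// Decide whether the proxy should forward a request. Deny by default.
function authorize(userId, method, rawUrl) {
  const url = new URL(rawUrl, "http://proxy.invalid"); // base is only for parsing
  const m = url.pathname.match(/^\/rest\/v1\/(rpc\/)?([A-Za-z_][A-Za-z0-9_]*)$/);
  const verb = METHOD_ACTION.get(method);
  if (!m || !verb) return { allow: false, reason: "unrecognized request" };
  const isRpc = Boolean(m[1]);
  const needed = [[isRpc ? `rpc/${m[2]}` : m[2], isRpc ? "execute" : verb]];
  // Every embedded (joined) resource needs its own read grant.
  for (const name of embeddedResources(url.searchParams.getAll("select").join(","))) {
    needed.push([name, "read"]);
  }
  const grants = PERMISSIONS.get(userId) || new Map();
  for (const [resource, action] of needed) {
    if (!(grants.get(resource) || []).includes(action)) {
      return { allow: false, reason: `${action} on ${resource} not granted` };
    }
  }
  return { allow: true, reason: "ok" };
}
```

Checking the `select` list as well as the path matters because a request to one table can return rows from another through embedding.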

Give Suparbac a go and if you have any questions feel free to reach out to me @leson_phung or submit your feedback in the form below.

Son.

P.S. I am working on a project to make Supabase tables better, check out Supatable and share your thoughts. Between projects, I've also created ShipAIFast, a collection of prebuilt AI apps. If you're interested in AI and Supabase, you might find it helpful.
