Understanding safe-guarded API updates or deletion
In SQL, when you run a query such as DELETE FROM table or UPDATE table, it will obviously complete this for all rows if no WHERE clause is provided – you have admin rights. However, Supabase prevents you from using unlimited deletions or updates of rows when using the Supabase API (using the Supabase client, hence using PostgREST).
You can ensure that this setting is on by running this statement:
SELECT useconfig FROM pg_shadow WHERE usename = 'authenticator';
Inside the returned useconfig value, safeupdate should show up within the session_preload_libraries setting.
At this link, you can find out how to activate this extension for specific roles: https://supabase.com/docs/guides/database/extensions/pg-safeupdate#enable-the-extension. Now, I would love to activate this for the postgres admin role to avoid accidentally running DELETE expressions without a WHERE clause, but unfortunately, this cannot be enabled...
