RLS Enabled + SupabaseJS Frontend

• Write RLS policies

• Use SupabaseJS in frontend

⠀Pros:

• Declarative security in database

• Less code to maintain

• Consistent authorization across all applications

• No need to write backend logic

⠀Cons:

• RLS learning curve

• More difficult debugging

RLS Enabled + SupabaseJS Backend (Service Role)

• Use Service Role Key in backend

• Write authorization logic in backend

• No need to write RLS

• RLS must be ON so tables aren't accessible with Anon Key

⠀Pros:

• More familiar for developers

• Easier to test and debug

⠀Cons:

• Requires maintaining a backend

• More code to write and maintain

• Possible additional latency issues

ORMs (Ex: Prisma, Drizzle)

• RLS OFF if used directly with Postgres

• Direct database connection

• More complex setup

• Alternative to SupabaseJS

⠀Pros

• Declarative migrations

• Familiar for teams already using ORMs

⠀Cons

• Additional configuration needed

• Requires manual security implementation

• Possible performance impact vs direct SQL