Performance Advisor "Auth RLS Initialization Plan" Warning #23185

Open
2 tasks done
lakeesiv opened this issue Apr 23, 2024 · 1 comment
Labels
bug Something isn't working

Comments


lakeesiv commented Apr 23, 2024

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

With the new performance advisor, I get the following for my table

[image: Performance Advisor "Auth RLS Initialization Plan" warning for the table]

After updating the RLS policy:
[image: the updated RLS policy]

The warning on the performance advisor does not go away

Seems like I am not the only one who has this error: https://www.reddit.com/r/Supabase/comments/1ca5gri/auth_rls_initialization_plan_warnings_not_going/

To Reproduce

  • Have a table with rows that can only be edited by a user with their user_id
    eg: Table called feedback with rows: feedback_id: int8, user_id: uuid with foreign key to auth.users.id, content: text
  • Apply the RLS rule for enforcing updates
create policy "allow users to edit their own feedback" on "public"."feedback" as permissive for update to authenticated using ((( SELECT auth.uid() AS uid) = user_id));

Expected behavior

Warning goes away

System information

  • Issue with hosted Supabase
lakeesiv added the bug label Apr 23, 2024

cyluss (Contributor) commented May 2, 2024

Yes, I noticed the behavior too. I avoided the warnings by extracting the whole USING condition into 'security definer' functions, or a DB function that inspects auth information and returns a boolean.

Please start from approach 2, the is_admin function, in the RLS best practice discussion. And please be advised that it has a somewhat steep learning curve. IMO it should be part of the documentation, but it is what it is for now.
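A worked version of both the policy from the reproduction steps and the function-based approach described in this comment, as an added example; it is not code from the issue, from cyluss, or from Supabase. It assumes the hosted Supabase schema (auth.uid(), auth.users, the authenticated role); the function names owns_feedback and is_admin and the user_roles table are assumptions for illustration.

```sql
-- Added example; not code from the issue or from Supabase. It assumes the
-- hosted Supabase schema (auth.uid(), auth.users, the "authenticated" role).
-- Table and policy follow the reproduction steps in the issue.
create table public.feedback (
  feedback_id bigint generated by default as identity primary key,
  user_id     uuid not null references auth.users (id),
  content     text
);
alter table public.feedback enable row level security;

-- Policy as reported: auth.uid() is wrapped in a scalar subselect so the
-- planner evaluates it once per statement (an InitPlan) instead of per row.
-- For UPDATE, a policy without WITH CHECK reuses its USING expression.
create policy "allow users to edit their own feedback"
  on public.feedback as permissive for update to authenticated
  using ((select auth.uid()) = user_id);

-- Approach from the comment: move the whole USING condition into a boolean
-- function. owns_feedback is an assumed name for illustration. STABLE tells
-- the planner the function returns the same result for the same arguments
-- within one statement, so the auth lookup can be hoisted. This check reads
-- no restricted table, so it stays SECURITY INVOKER (the default).
create or replace function public.owns_feedback(row_user_id uuid)
returns boolean
language sql
stable
set search_path = ''
as $$
  select row_user_id = auth.uid();
$$;

-- An is_admin-style check is where SECURITY DEFINER is needed: the function
-- runs with its owner's privileges and can consult a roles table the caller
-- cannot read. public.user_roles is an assumed table for this example.
-- RLS is enabled with no policies, so only the table owner (who also owns
-- the function below) can read it; callers cannot query it directly.
create table public.user_roles (
  user_id uuid primary key references auth.users (id),
  role    text not null
);
alter table public.user_roles enable row level security;

create or replace function public.is_admin()
returns boolean
language sql
stable
security definer
-- Pin search_path: a definer function must never resolve unqualified names
-- through a path the caller controls.
set search_path = ''
as $$
  select exists (
    select 1 from public.user_roles
    where user_id = auth.uid() and role = 'admin'
  );
$$;

-- EXECUTE is granted to public by default; restrict the definer function to
-- the roles that need it (check any project default privileges as well).
revoke execute on function public.is_admin() from public;
grant execute on function public.is_admin() to authenticated;

drop policy "allow users to edit their own feedback" on public.feedback;
create policy "allow users to edit their own feedback"
  on public.feedback as permissive for update to authenticated
  using (public.owns_feedback(user_id) or public.is_admin());
```

To confirm what the planner actually does, run EXPLAIN on an UPDATE against the table as the authenticated role: the auth.uid() lookup should appear as an InitPlan node evaluated once, not inside the per-row filter. The security point with the definer variant is that is_admin() runs as its owner for every caller, so its body must take no caller-controlled input into table or schema names, its search_path must be pinned as above, and its EXECUTE privilege should be limited to the roles the policy is written for.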
