For reference, this was the thread that led me to work on this.
https://news.ycombinator.com/item?id=44502318
Since it's Postgres behind the scenes, can't you just use pg roles?
Absolutely. If the tools were only from Supabase, then yes, you could use Postgres roles. However, most people use a combination of tools (GitHub, Stripe, Linear, etc.), and each has different permission models. I wanted to implement a solution that works generically across tools rather than requiring separate security configurations for each service. This doesn't preclude one from limiting the access scope at the database, though.