MP057CRITICALFree

rls-enabled-without-policy

What It Detects

ENABLE ROW LEVEL SECURITY without a matching CREATE POLICY silently blocks all access.

Why It's Dangerous

When RLS is enabled with zero policies, the default behavior is a complete deny — all queries from non-superuser roles return zero rows. No error is raised. Supabase documents this as the leading cause of data lockout incidents.

Bad Example

ALTER TABLE users ENABLE ROW LEVEL SECURITY;
-- All non-superuser queries now return 0 rows!

Good Example

ALTER TABLE users ENABLE ROW LEVEL SECURITY;
CREATE POLICY users_select ON users FOR SELECT USING (true);

Configuration

Disable this rule:

# .migrationpilotrc.yml
rules:
  MP057: false

Or change its severity:

# .migrationpilotrc.yml
rules:
  MP057:
    severity: warning

← All rules View on GitHub