cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon supabase

ERROR: 42501: permission denied for schema auth

Open jlassi14 opened this issue 6 months ago • 6 comments

Unable to Create Functions in Auth Schema on Local Supabase Instance (Error 42501)

Description

When attempting to create functions in the auth schema in a local Supabase instance, encountering persistent permission denied errors (Error 42501). This issue prevents implementing critical authentication features and custom security logic in local development environments.

Error Message

ERROR: permission denied for schema auth (Error Code: 42501)

CREATE OR REPLACE FUNCTION auth.user_role()
RETURNS text
LANGUAGE sql
STABLE
AS $$
  SELECT COALESCE(
    (auth.jwt() -> 'app_metadata' ->> 'role')::text,
    'none'
  );
$$;
Results:
Error: ERROR: 42501: permission denied for schema auth

Initial Permission Check

SELECT has_schema_privilege('supabase_admin', 'auth', 'CREATE') AS has_create,
       has_schema_privilege('postgres', 'auth', 'USAGE') AS has_usage;

Results:

  • has_create: false
  • has_usage: true

Attempting to grant permissions using supabase_admin role fails:

SET ROLE supabase_admin;
-- ERROR: permission denied to set role "supabase_admin"

Steps to reproduce

  1. Start a local Supabase instance using supabase start
  2. Create a new migration file with an auth schema function:
CREATE OR REPLACE FUNCTION auth.user_role()
RETURNS text
LANGUAGE sql
STABLE
AS $$
  SELECT COALESCE(
    (auth.jwt() -> 'app_metadata' ->> 'role')::text,
    'none'
  );
$$;
  1. Try to apply migrations with supabase migration up
  2. Get error: ERROR: permission denied for schema auth

Expected behavior

  • The postgres role should have necessary permissions to create functions in auth schema
  • Or there should be clear documentation on how to grant these permissions in local development

Environment

  • Supabase CLI version: 2.23.4
  • OS: Windows 10 pro
  • Database setup: Local Supabase instance started with supabase start
  • Note: This works correctly on macOS.

Troubleshooting Steps Taken

1. Permission Investigation

-- Check schema ownership
SELECT schema_owner 
FROM information_schema.schemata 
WHERE schema_name = 'auth';
-- Returns: supabase_admin


-- Important: Even with ALL PRIVILEGES on tables, schema CREATE is still required:
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA auth TO postgres;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA auth TO postgres;
-- These Returns: has_create: true , has_usage: true but don't solve the migration issue because schema-level CREATE is still missing





### 4. Container Reset Attempts
```bash
# Stop and remove containers
supabase stop
docker rm supabase_db_fcs_supabase

# Clean Docker volumes
docker volume rm fcs-dashboards_db_data

# Restart with fresh state
supabase start
# Result: Same permission issues persist

jlassi14 avatar May 23 '25 13:05 jlassi14

Hi, I've moved this issue over from the supabase repo.

Hallidayo avatar May 26 '25 15:05 Hallidayo

Hello, Has a temporary solution been found? I have the same error when I do a supabase db reset (error on adding an auth.users trigger)

Resetting local database...
Recreating database...
Initialising schema...
Seeding globals from roles.sql...
Applying migration 20250307102613_account_table_init_migration.sql...
ERROR: permission denied for schema auth (SQLSTATE 42501)                     
At statement 21:                                                              
CREATE OR REPLACE FUNCTION auth.register_new_account()                        
 RETURNS trigger                                                              
 LANGUAGE plpgsql                                                             
 SECURITY DEFINER                                                             
AS $function$                                                                 
BEGIN                                                                         
    -- Insert a new row into public.account with the id column from auth.users
    INSERT INTO public.account (id) VALUES (NEW.id);                          
    RETURN NEW;                                                               
END;                                                                          
$function$                                                                    
Try rerunning the command with --debug to troubleshoot the error.

rlebranchu avatar May 28 '25 07:05 rlebranchu

Facing the same issue while creating a db function.

ERROR:  42501: permission denied for schema auth

Tried through CLI as well as Supabase dashboard SQL Editor. Permission error is both.

wajeshubham avatar May 28 '25 17:05 wajeshubham

You are no longer permitted to modify the auth schema. Move your function to your own schema or the public schema (make sure you add/remove the correct permission if in the public schema). https://github.com/orgs/supabase/discussions/34270

silentworks avatar May 29 '25 08:05 silentworks

You are no longer permitted to modify the auth schema. Move your function to your own schema or the public schema (make sure you add/remove the correct permission if in the public schema). https://github.com/orgs/supabase/discussions/34270

this is all fine and good for new migrations. What about old migrations. This is a breaking change.

ebellani avatar May 29 '25 12:05 ebellani

It's best to leave your feedback on the post I linked to as this is not a CLI issue. It's an upstream platform issue.

silentworks avatar Jun 03 '25 10:06 silentworks

I'm encountering the same issue during CI/CD when migrating changes from the staging project to the production project. 😵

eevan7a9 avatar Jul 09 '25 10:07 eevan7a9