Security matrix
Client access per table and operation, as declared in client_access. Who may do
what — at a glance.
| Table | select | insert | update | delete |
|---|---|---|---|---|
| users | authenticated | authenticated | own_row | edge_function_only |
| sessions | authenticated | edge_function_only | edge_function_only | edge_function_only |
| participants | authenticated | authenticated | own_row | edge_function_only |
| queue_items | authenticated | own_row | own_row | own_row |
| songs | authenticated | authenticated | edge_function_only | edge_function_only |
| votes | authenticated | own_row | own_row | own_row |
| reactions | authenticated | own_row | edge_function_only | edge_function_only |
| user_profiles | authenticated | own_row | own_row | own_row |
| user_public_profiles VIEW | authenticated | edge_function_only | edge_function_only | edge_function_only |
| user_connections | authenticated | own_row | own_row | own_row |
| user_achievements | authenticated | edge_function_only | edge_function_only | edge_function_only |
Legend: authenticated any signed-in user edge_function_only server-side only, no direct client access own_row only rows owned by the user