Supabase RLS audit query

-- RLS coverage audit pro Supabase (self-hosted i hosted)
SELECT
  c.relname                              AS table_name,
  c.relrowsecurity                       AS rls_enabled,
  c.relforcerowsecurity                  AS rls_forced,
  COUNT(p.polname)                       AS policy_count,
  STRING_AGG(p.polname, ', ' ORDER BY p.polname) AS policies
FROM pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
  LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE c.relkind = 'r'
  AND n.nspname NOT IN ('pg_catalog', 'information_schema', 'supabase_migrations')
GROUP BY c.relname, c.relrowsecurity, c.relforcerowsecurity
ORDER BY c.relrowsecurity ASC, c.relname;

SELECT
  schemaname,
  viewname,
  viewowner,
  definition
FROM pg_views
WHERE schemaname NOT IN ('pg_catalog', 'information_schema')
  AND definition ILIKE '%security definer%';

SELECT
  n.nspname  AS schema,
  p.proname  AS function,
  pg_get_function_identity_arguments(p.oid) AS args,
  p.prosecdef AS is_definer,
  COALESCE(
    (SELECT setting FROM unnest(p.proconfig) AS setting WHERE setting LIKE 'search_path=%' LIMIT 1),
    'NOT SET'
  ) AS search_path
FROM pg_proc p
  JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef = true
  AND n.nspname NOT IN ('pg_catalog', 'information_schema', 'pg_temp');