Skip to content

Security Advisor falsely flags standard SQL view as "Security Definer View" #1993

Open
Open
Security Advisor falsely flags standard SQL view as "Security Definer View"#1993
Labels
bugSomething isn't working
@KwamyAG

Description

@KwamyAG
KwamyAG
opened on Dec 31, 2025

Bug Report: Security Advisor falsely flags standard SQL view as "Security Definer View"

Description

The Supabase Security Advisor is incorrectly flagging a standard SQL view (public.view_unified_messages) as having SECURITY DEFINER property, which is not possible for views in PostgreSQL.

This is causing a persistent ERROR that cannot be resolved via valid SQL fixes.

Steps to Reproduce

  1. Create a simple view: 
    CREATE VIEW public.view_unified_messages AS
SELECT id, conversation_id, sender_id, content, ... FROM public.messages;

Evidence

SELECT schemaname, viewname, viewowner, definition
FROM pg_views 
WHERE viewname = 'view_unified_messages';

Result:

schemaname | viewname               | viewowner | definition
-----------|------------------------|-----------|-----------
public     | view_unified_messages  | postgres  | SELECT id, conversation_id, ... FROM messages;

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions