Problem
The manager of the auth schema, supabase_auth_admin, can create new roles on the database (it has the CREATEROLE attribute).
-- See https://github.com/supabase/postgres/blob/develop/nix/tests/expected/auth.out#L31
-- attributes of the supabase_auth_admin
select
  rolcreaterole,
  rolcanlogin,
  rolsuper,
  rolinherit,
  rolcreatedb,
  rolreplication,
  rolconnlimit,
  rolbypassrls,
  rolvaliduntil
from pg_roles r
where r.rolname = 'supabase_auth_admin';

 rolcreaterole | rolcanlogin | rolsuper | rolinherit | rolcreatedb | rolreplication | rolconnlimit | rolbypassrls | rolvaliduntil
---------------+-------------+----------+------------+-------------+----------------+--------------+--------------+---------------
 t             | t           | f        | f          | f           | f              |           -1 | f            |
(1 row)
This is likely unneeded, and following the principle of least privilege, supabase_auth_admin shouldn't be able to create roles.
Solution
Remove this privilege (the CREATEROLE attribute) from supabase_auth_admin.
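The following SQL is an added example, not code from the supabase/postgres repository: it audits which non-superuser roles hold CREATEROLE, applies the fix proposed above, and then checks the result in a way that can double as a regression test. It assumes it is run by a superuser (or another role allowed to alter supabase_auth_admin).

```sql
-- Added example (not from supabase/postgres): audit, fix, verify.

-- 1. Audit: every role that can create roles without being a superuser.
select rolname, rolcreaterole, rolcanlogin
from pg_roles
where rolcreaterole and not rolsuper
order by rolname;

-- 2. Fix: drop the CREATEROLE attribute from the auth schema manager.
--    Before PostgreSQL 16, CREATEROLE also allowed granting membership in
--    any non-superuser role, so the attribute carries more than its name says.
alter role supabase_auth_admin nocreaterole;

-- 3. Verify: fail loudly if the attribute is still set, so a migration or
--    test script aborts instead of silently leaving the privilege in place.
do $$
begin
  if exists (
    select 1
    from pg_roles
    where rolname = 'supabase_auth_admin'
      and rolcreaterole
  ) then
    raise exception 'supabase_auth_admin still has CREATEROLE';
  end if;
end
$$;
```

The first query should return no row for supabase_auth_admin after the ALTER, and the expected output in nix/tests/expected/auth.out would then show rolcreaterole as f.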