Updates for using Supabase replication role (#134)

benitav · web-flow · commit 821a15f07f7a · 2025-03-20T14:50:49.000+02:00
* Updates for using Supabase replication role

* only need read-only access
diff --git a/images/installation/overview-connection-details.png b/images/installation/overview-connection-details.png
diff --git a/installation/database-setup.mdx b/installation/database-setup.mdx
@@ -4,6 +4,9 @@ description: "Configure your backend database for PowerSync"
 sidebarTitle: "Overview"
 ---
 
+import PostgresPowerSyncUser from '/snippets/postgres-powersync-user.mdx';
+import PostgresPowerSyncPublication from '/snippets/postgres-powersync-publication.mdx';
+
 ## <Icon icon="elephant" iconType="solid" size="24" /> Postgres
 
 <Check>
@@ -12,11 +15,9 @@ sidebarTitle: "Overview"
 
 Configuring your Postgres database with PowerSync generally involves three tasks:
 
-* Enable logical replication
-
-* Create a PowerSync database user
-
-* Create `powersync` publication
+1. Enable logical replication
+2. Create a PowerSync database user
+3. Create `powersync` publication
 
 We have documented steps for some hosting providers:
 
@@ -28,17 +29,11 @@ We have documented steps for some hosting providers:
 
     ### 2. Create a PowerSync Database User
 
-    It is not currently possible to create a new user on Supabase with replication permissions without contacting their support. Instead, use the default `postgres` user.
+    <PostgresPowerSyncUser />
 
     ### 3. Create "powersync" Publication
 
-    The `postgres` user does not have access to create a publication for all tables. Instead, list each table explicitly.
-
-    This can also be done on the Supabase dashboard in the database *Replication* page.
-
-    ```sql
-    CREATE PUBLICATION powersync FOR TABLE public.lists, public.todos;
-    ```
+    <PostgresPowerSyncPublication />
   </Accordion>
 
   <Accordion title="AWS RDS">
@@ -66,32 +61,21 @@ We have documented steps for some hosting providers:
 
     ```sql
     -- SQL to create powersync user
-
     CREATE ROLE powersync_role WITH LOGIN PASSWORD 'myhighlyrandompassword';
 
     -- Allow the role to perform replication tasks
-
     GRANT rds_replication TO powersync_role;
 
     -- Set up permissions for the newly created role
-
-    GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO powersync_role;
-
+    -- Read-only (SELECT) access is required
+    GRANT SELECT ON ALL TABLES IN SCHEMA public TO powersync_role;
     ```
 
-    For read-only access, only the `SELECT` privilege is required — `INSERT`, `UPDATE` and `DELETE` can be removed.
-
     To restrict read access to specific tables, explicitly list allowed tables for both the `SELECT` privilege, and for the publication (as well as for any other publications that may exist).
 
     ### 3. Create "powersync" Publication
 
-    ```sql
-    -- Create publication to replicate tables. Specify a subset of tables if required.
-
-    -- NOTE: this must be named "powersync" at the moment
-
-    CREATE PUBLICATION powersync FOR ALL TABLES;
-    ```
+    <PostgresPowerSyncPublication />
   </Accordion>
 
   <Accordion title="Azure Postgres">
@@ -109,34 +93,11 @@ We have documented steps for some hosting providers:
 
     ### 2. Create a PowerSync Database User
 
-    Create a PowerSync user on Postgres:
-
-    ```sql
-    -- SQL to create powersync user
-
-    CREATE ROLE powersync_role WITH REPLICATION LOGIN PASSWORD 'myhighlyrandompassword';
-
-    GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO powersync_role;
-
-    ```
-
-    For read-only access, only the `SELECT` privilege is required — `INSERT`, `UPDATE` and `DELETE` can be removed.
-
-    To restrict read access to specific tables, explicitly list allowed tables for both the `SELECT` privilege, and for the publication (as well as for any other publications that may exist).
+    <PostgresPowerSyncUser />
 
     ### 3. Create "powersync" Publication
 
-    ```sql
-    -- Create publication to replicate tables. Specify a subset of tables if required.
-
-    -- NOTE: this must be named "powersync" at the moment
-
-    CREATE PUBLICATION powersync FOR ALL TABLES;
-
-    -- Example for specifying a subset of tables:
-
-    -- CREATE PUBLICATION powersync FOR table users, projects, user_projects, checklists;
-    ```
+    <PostgresPowerSyncPublication />
   </Accordion>
 
   <Accordion title="Google Cloud SQL">
@@ -150,30 +111,11 @@ We have documented steps for some hosting providers:
 
     ### 2. Create a PowerSync Database User
 
-    Create a PowerSync user on Postgres:
-
-    ```sql
-    -- SQL to create powersync user
-
-    CREATE ROLE powersync_role WITH REPLICATION LOGIN PASSWORD 'myhighlyrandompassword';
-
-    GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO powersync_role;
-
-    ```
-
-    For read-only access, only the `SELECT` privilege is required — `INSERT`, `UPDATE` and `DELETE` can be removed.
-
-    To restrict read access to specific tables, explicitly list allowed tables for both the `SELECT` privilege, and for the publication (as well as for any other publications that may exist).
+    <PostgresPowerSyncUser />
 
     ### 3. Create "powersync" Publication
 
-    ```sql
-    -- Create publication to replicate tables. Specify a subset of tables if required.
-
-    -- NOTE: this must be named "powersync" at the moment
-
-    CREATE PUBLICATION powersync FOR ALL TABLES;
-    ```
+    <PostgresPowerSyncPublication />
   </Accordion>
 
   <Accordion title="Neon">
@@ -189,29 +131,11 @@ We have documented steps for some hosting providers:
 
     ### 2. Create a PowerSync Database User
 
-    Create a PowerSync user on Postgres:
-
-    ```sql
-    -- SQL to create powersync user
-
-    CREATE ROLE powersync_role WITH REPLICATION LOGIN PASSWORD 'myhighlyrandompassword';
-
-    GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO powersync_role;
-    ```
-
-    For read-only access, only the `SELECT` privilege is required — `INSERT`, `UPDATE` and `DELETE` can be removed.
-
-    To restrict read access to specific tables, explicitly list allowed tables for both the `SELECT` privilege, and for the publication (as well as for any other publications that may exist).
+    <PostgresPowerSyncUser />
 
     ### 3. Create "powersync" Publication
 
-    ```sql
-    -- Create publication to replicate tables. Specify a subset of tables if required.
-
-    -- NOTE: this must be named "powersync" at the moment
-
-    CREATE PUBLICATION powersync FOR ALL TABLES;
-    ```
+    <PostgresPowerSyncPublication />
   </Accordion>
 
   <Accordion title="Fly Postgres">
@@ -233,29 +157,11 @@ We have documented steps for some hosting providers:
 
     ### 2. Create a PowerSync Database User
 
-    Create a PowerSync user on Postgres:
-
-    ```sql
-    -- SQL to create powersync user
-
-    CREATE ROLE powersync_role WITH REPLICATION LOGIN PASSWORD 'myhighlyrandompassword';
-
-    GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO powersync_role;
-    ```
-
-    For read-only access, only the `SELECT` privilege is required — `INSERT`, `UPDATE` and `DELETE` can be removed.
-
-    To restrict read access to specific tables, explicitly list allowed tables for both the `SELECT` privilege, and for the publication (as well as for any other publications that may exist).
+    <PostgresPowerSyncUser />
 
     ### 3. Create "powersync" Publication
 
-    ```sql
-    -- Create publication to replicate tables. Specify a subset of tables if required.
-
-    -- NOTE: this must be named "powersync" at the moment
-
-    CREATE PUBLICATION powersync FOR ALL TABLES;
-    ```
+    <PostgresPowerSyncPublication />
   </Accordion>
 </AccordionGroup>
 
@@ -292,29 +198,11 @@ For other providers and self-hosted databases:
 
   ### 2. Create a PowerSync Database User
 
-  Create a PowerSync user on Postgres:
-
-  ```sql
-  -- SQL to create powersync user
-
-  CREATE ROLE powersync_role WITH REPLICATION LOGIN PASSWORD 'myhighlyrandompassword';
-
-  GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO powersync_role;
-  ```
-
-  For read-only access, only the `SELECT` privilege is required — `INSERT`, `UPDATE` and `DELETE` can be removed.
-
-  To restrict read access to specific tables, explicitly list allowed tables for both the `SELECT` privilege, and for the publication (as well as for any other publications that may exist).
+  <PostgresPowerSyncUser />
 
   ### 3. Create "powersync" Publication
 
-  ```sql
-  -- Create publication to replicate tables. Specify a subset of tables if required.
-
-  -- NOTE: this must be named "powersync" at the moment
-
-  CREATE PUBLICATION powersync FOR ALL TABLES;
-  ```
+  <PostgresPowerSyncPublication />
 </Accordion>
 
 ### Unsupported Hosted Postgres Providers
diff --git a/integration-guides/flutterflow-+-powersync.mdx b/integration-guides/flutterflow-+-powersync.mdx
@@ -6,6 +6,8 @@ sidebarTitle: "Overview"
 
 import CreateCloudInstance from '/snippets/create-cloud-instance.mdx';
 import SupabaseConnection from '/snippets/supabase-database-connection.mdx';
+import PostgresPowerSyncUser from '/snippets/postgres-powersync-user.mdx';
+import PostgresPowerSyncPublication from '/snippets/postgres-powersync-publication.mdx';
 
 Used in conjunction with **FlutterFlow**, PowerSync enables developers to build local-first apps that are robust in poor network conditions and that have highly responsive frontends while relying on Supabase for their backend. This guide walks you through configuring PowerSync within your FlutterFlow project that has Supabase integration enabled.
 
@@ -68,11 +70,7 @@ This guide walks you through building a basic item management app from scratch a
 ## Configure Supabase
 
 1. Create a new project in Supabase.
-
-2. PowerSync uses the Postgres [Write Ahead Log (WAL)](https://www.postgresql.org/docs/current/wal-intro.html) to replicate data changes in order to keep PowerSync SDK clients up to date.
-
-3. Run the below SQL statement in your **Supabase SQL Editor**:
-
+2. To set up the Postgres database for our demo app, we will create a `lists` table. The demo app will have access to this table even while offline. Run the below SQL statement in your **Supabase SQL Editor**:
    ```sql
    create table
    public.lists (
@@ -84,20 +82,10 @@ This guide walks you through building a basic item management app from scratch a
       constraint lists_owner_id_fkey foreign key (owner_id) references auth.users (id) on delete cascade
    ) tablespace pg_default
    ```
-
+3. PowerSync uses the Postgres [Write Ahead Log (WAL)](https://www.postgresql.org/docs/current/wal-intro.html) to replicate data changes in order to keep PowerSync SDK clients up to date. Run the below SQL statement in your **Supabase SQL Editor** to create a Postgres role/user with replication privileges:
+   <PostgresPowerSyncUser />
 4. Create a Postgres publication using the SQL Editor. This will enable data to be replicated from Supabase so that your FlutterFlow app can download it.
-
-   ```sql
-   create publication powersync for table public.lists;
-   ```
-
-   <Note>
-     This is a static list of tables. If you add additional tables to your schema, they must also be added to this publication.
-   </Note>
-
-   <Info>
-     This guide uses the default `postgres` user in your Supabase account for replicating changes to PowerSync, since elevating custom roles to replication [has been disabled](https://github.com/orgs/supabase/discussions/9314) in Supabase. If you want to use a custom role for this purpose, contact the Supabase support team.
-   </Info>
+   <PostgresPowerSyncPublication />
 
 ## Configure PowerSync
 
diff --git a/integration-guides/supabase-+-powersync.mdx b/integration-guides/supabase-+-powersync.mdx
@@ -6,6 +6,8 @@ sidebarTitle: Overview
 
 import CreateCloudInstance from '/snippets/create-cloud-instance.mdx';
 import SupabaseConnection from '/snippets/supabase-database-connection.mdx';
+import PostgresPowerSyncUser from '/snippets/postgres-powersync-user.mdx';
+import PostgresPowerSyncPublication from '/snippets/postgres-powersync-publication.mdx';
 
 <Frame caption="Video walkthrough of the integration guide.">
   <iframe width="1005" height="420" src="https://www.youtube.com/embed/Xg5FTYGPn5U?si=4TjdYEACDR2g98yh" title="YouTube video player" frameborder="0" 
@@ -48,7 +50,7 @@ We will follow these steps to get an offline-first 'To-Do List' demo app up and
 <Steps>
   <Step title="Configure Supabase:">
     * Create the demo database schema
-    * Create the Postgres publication
+    * Create the Postgres user and publication
   </Step>
   <Step title="Configure PowerSync:">
     * Create connection to Supabase
@@ -67,7 +69,7 @@ Create a new Supabase project (or use an existing project if you prefer) and fol
 
 To set up the Postgres database for our _To-Do List_ demo app, we will create two new tables: `lists` and `todos`. The demo app will have access to these tables even while offline.
 
-Run the below SQL statements in your **Supabase SQL Editor**: (if you get a warning about a "potentially destructive operation", that's a false positive that you can safely ignore.)
+Run the below SQL statements in your **Supabase SQL Editor**:
 
 ```sql
 create table
@@ -97,21 +99,20 @@ create table
   ) tablespace pg_default;
 ```
 
-### Create the Postgres Publication
+### Create a PowerSync Database User
 
 PowerSync uses the Postgres [Write Ahead Log (WAL)](https://www.postgresql.org/docs/current/wal-intro.html) to replicate data changes in order to keep PowerSync SDK clients up to date.
 
-Run the below SQL statement in your **Supabase SQL Editor**:
+Run the below SQL statement in your **Supabase SQL Editor** to create a Postgres role/user with replication privileges:
 
-```sql
--- Create publication for powersync
+<PostgresPowerSyncUser />
 
-create publication powersync for table public.lists, public.todos;
-```
+### Create the Postgres Publication
+
+Run the below SQL statement in your **Supabase SQL Editor** to create a Postgres publication:
+
+<PostgresPowerSyncPublication />
 
-<Info>
-  **Note:** this guide uses the default `postgres` user in your Supabase account for replicating changes to PowerSync, since elevating custom roles to replication [has been disabled](https://github.com/orgs/supabase/discussions/9314) in Supabase. If you want to use a custom role for this purpose, contact the Supabase support team.
-</Info>
 
 ## Configuring PowerSync
 
diff --git a/snippets/postgres-powersync-publication.mdx b/snippets/postgres-powersync-publication.mdx
@@ -0,0 +1,6 @@
+```sql
+-- Create a publication to replicate tables. 
+-- Specify a subset of tables to replicate if required.
+-- NOTE: this must be named "powersync" at the moment
+CREATE PUBLICATION powersync FOR ALL TABLES;
+```
diff --git a/snippets/postgres-powersync-user.mdx b/snippets/postgres-powersync-user.mdx
@@ -0,0 +1,9 @@
+```sql
+-- Create a role/user with replication privileges for PowerSync
+CREATE ROLE powersync_role WITH REPLICATION LOGIN PASSWORD 'myhighlyrandompassword';
+-- Set up permissions for the newly created role
+-- Read-only (SELECT) access is required
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO powersync_role;  
+```
+
+To restrict read access to specific tables, explicitly list allowed tables for both the `SELECT` privilege, and for the publication mentioned in the next step (as well as for any other publications that may exist).
diff --git a/snippets/supabase-database-connection.mdx b/snippets/supabase-database-connection.mdx
