[andrew_]

that's great, but what if I want to add a role to my user to do something like send an email with an extended schema (when that lands). What if I'm not familiar with "row level permissions" and I have a SaSS app where different users can access different rows based on column content? Scenarios like those are where the docs fall short. PLEASE think like new users and not like seasoned engineers with prior experience with the feature set.

[city41]

Supabase's row level security is just postgres row level security, it's not proprietary to Supabase. Postgres documentation, blog posts etc on RLS will apply to Supabase too.

[andrew_]

I get this, and I've been using postgres for a long time, so I should get this. My point is that the barrier for entry is very high. Most folks that have experience with GraphQL and not intimate knowledge of Postgres security/access are going to struggle with this. It's much different than say, Postgraphile or Asura - both of which have a much lower barrier for entry. Folks are naturally going to compare. I've been following their GraphQL extension since its development announcement and I think this will end up being the better GraphQL product in the long term. I want Supabase to be a world-class product because I'm a fan, and that means world-class documentation.

[city41]

You're definitely not wrong. I think Supabase will get there ultimately. But being a startup and presumably a small team, I think it's ok for them to lean on "Supabase is basically postgres as a service so postgres docs can fill the void for now".

And just for the record I'm not affiliated with Supabase, I just use it on a side project and quite like it.