There’s no best really, but in my experience I prefer Hasura. I think their security model makes more sense than row level security and I prefer GraphQl.
Supabase recently shipped with graphql support that is very nice, it maps the query language to the relational schema in a sensible way. Without direct experience I understand this is similar to how Hasura maps it.
As for your preference for Hasura security vs Postgres' native row level security, of course your preference is entirely valid and may also be the best fit for your needs, but consider that RLS works for all database clients, not just Hasura, so if you have a heterogeneous db client environment and you want to enforce one central policy, RLS can do that but a Hasura specific policy checker can't.
Disclaimer: I work at Supabase but not directly on the GraphQL support.
As for your preference for Hasura security vs Postgres' native row level security, of course your preference is entirely valid and may also be the best fit for your needs, but consider that RLS works for all database clients, not just Hasura, so if you have a heterogeneous db client environment and you want to enforce one central policy, RLS can do that but a Hasura specific policy checker can't.
Disclaimer: I work at Supabase but not directly on the GraphQL support.