pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 14:51:12 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix audit log RLS policy

Browse Source
This commit is contained in:
gpt-engineer-app[bot]
2025-11-02 02:43:09 +00:00
parent 5a2e250337
commit 2e632caea3
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
supabase/migrations/20251102024255_bf859683-9b2a-4761-b4b7-78283b764ea2.sql Normal file
View File

@@ -0,0 +1,15 @@
-- Relax admin_audit_log SELECT policy to not require AAL2
-- This allows admins to view audit logs without constant MFA step-up
-- Write operations still require AAL2 for security
-- Drop the existing SELECT policy
DROP POLICY IF EXISTS "Admins can view audit log" ON public.admin_audit_log;
-- Create new SELECT policy without AAL2 requirement for reads
CREATE POLICY "Admins can view audit log"
ON public.admin_audit_log
FOR SELECT
TO authenticated
USING (
is_moderator(auth.uid())
);