CREATE POLICY "Authenticated can view trainer and government roles" ON public.user_roles FOR SELECT TO authenticated USING (role IN ('trainer'::app_role, 'government'::app_role));