401 user_unauthorized on TablesDB update despite table‑level label:admin update + row security enab

Hi Appwrite team, We’re hitting a permissions issue with TablesDB updates. Setup

• Appwrite Cloud, JS SDK
• TablesDB (new tables)
• Row security enabled (Console shows: “users can access rows if they have either row or table permissions”)
• Table permissions for products and prompts: label:admin has Create/Read/Update
• Row permissions on rows: team‑only (no label:admin)
• Admin user is not a team member, but does have label admin Expected Since row security is ON and table permissions grant label:admin update, admin user should be able to update any row (even without row‑level permission). Actual Update fails with 401 when calling TablesDB update/upsert from the client: PUT /v1/tablesdb/dev/tables/products/rows/<rowId> Payload: { data: { name, description } } Error: { code: 401, type: "user_unauthorized", message: "Permissions must be one of: (... label:admin)" } Notes
• Reads work (same client SDK)
• Creates/deletes work via backend API (admin SDK)
• Updates are client‑side TablesDB calls
• Appwrite error version: 1.8.1 (from response) Questions

1. With row security ON, should table‑level label:admin update permission allow updates without row‑level permission?
2. Is there a known issue with label roles + row security for updates?
3. Do we need to add label:admin to every row’s update permission even when table permission already grants it?