bbb

bbbbb

bbbb
By bbbb

Content creator and writer.

7/23/2025

Author: bbbb

Date: 2025-07-19

Here's a Row-Level Security (RLS) policy template for Supabase that allows authenticated users to perform CRUD (Create, Read, Update, Delete) operations on files in a Storage bucket, such that:

  • Each user can only access their own uploaded files.
  • The files are stored in a bucket, and access is controlled via an object table, typically storage.objects (managed internally by Supabase).

✅ Assumptions

  • You're using Supabase's default storage.objects table.

  • You want only authenticated users to:

    • Upload (Create) files
    • Read their own files
    • Update (replace metadata)
    • Delete their own files
  • Each file is tagged with the uploader's auth.uid() in the owner metadata.


🛠 1. Enable RLS on storage.objects

alter table storage.objects enable row level security;

🧩 2. Add owner metadata (if not already)

If the owner field is not already set, consider enforcing it via an upload policy or a trigger. The policies below assume it is already added during upload, in this form:

{
  "owner": "user-uuid"
}

🔐 3. Add RLS Policies for CRUD

🔍 Read (SELECT)

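-- Rows are visible only to the user named in metadata.owner.
-- auth.uid() returns uuid and ->> returns text, so cast before comparing.
create policy "Users can read their own files"
on storage.objects
for select
using (
  auth.role() = 'authenticated'
  AND metadata->>'owner' = auth.uid()::text
);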

➕ Create (INSERT)

-- A new row is accepted only if metadata.owner is the caller's own id.
create policy "Users can upload their own files"
on storage.objects
for insert
with check (
  auth.role() = 'authenticated'
  AND metadata->>'owner' = auth.uid()::text
);

✏️ Update

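This policy covers updating file metadata or renaming.

-- USING selects the rows the caller may change; WITH CHECK stops the
-- caller from reassigning metadata.owner to another user.
create policy "Users can update their own files"
on storage.objects
for update
using (
  auth.role() = 'authenticated'
  AND metadata->>'owner' = auth.uid()::text
)
with check (
  metadata->>'owner' = auth.uid()::text
);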

❌ Delete

-- Only the user named in metadata.owner may delete the row.
create policy "Users can delete their own files"
on storage.objects
for delete
using (
  auth.role() = 'authenticated'
  AND metadata->>'owner' = auth.uid()::text
);
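One way to check that the four policies above really isolate users, as an added example that is not part of the original post. It assumes the policies are installed, that you run it as the postgres role, and that your project permits direct SQL writes to storage.objects; the bucket id rls-selftest and both UUIDs are constructed test values.

```sql
-- Everything runs in one transaction and is rolled back at the end.
begin;

-- Constructed fixture: a throwaway bucket for the test object.
insert into storage.buckets (id, name) values ('rls-selftest', 'rls-selftest');

-- Act as user A. Supabase's auth.uid() and auth.role() read these JWT claims.
set local role authenticated;
select set_config('request.jwt.claims',
  '{"role":"authenticated","sub":"11111111-1111-1111-1111-111111111111"}', true);

insert into storage.objects (bucket_id, name, metadata)
values ('rls-selftest', 'a.txt',
        '{"owner":"11111111-1111-1111-1111-111111111111"}');

-- Act as user B. Every operation on A's object must affect zero rows.
select set_config('request.jwt.claims',
  '{"role":"authenticated","sub":"22222222-2222-2222-2222-222222222222"}', true);

do $$
declare n int;
begin
  select count(*) into n from storage.objects where bucket_id = 'rls-selftest';
  assert n = 0, 'SELECT leaked a row owned by user A';

  update storage.objects set name = 'taken.txt' where bucket_id = 'rls-selftest';
  get diagnostics n = row_count;
  assert n = 0, 'UPDATE touched a row owned by user A';

  delete from storage.objects where bucket_id = 'rls-selftest';
  get diagnostics n = row_count;
  assert n = 0, 'DELETE removed a row owned by user A';
end $$;

-- Back to user A: the object must still exist and be readable by its owner.
select set_config('request.jwt.claims',
  '{"role":"authenticated","sub":"11111111-1111-1111-1111-111111111111"}', true);

do $$
declare n int;
begin
  select count(*) into n from storage.objects where bucket_id = 'rls-selftest';
  assert n = 1, 'owner cannot read their own object';
end $$;

rollback;
```

A failed assert aborts the transaction with the message naming the policy that let the other user through; a clean run ends at the rollback with no error.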

📌 Notes

  • The metadata->>'owner' comparison assumes the metadata JSON contains the user's UUID at upload time.
  • You can enforce this via client logic when uploading files using the Supabase Storage JS SDK.
  • To add the owner field automatically on upload, consider using a trigger on INSERT.

Optional: Trigger to Auto-Set Owner Metadata

create function set_owner_metadata()
returns trigger as $$
begin
  new.metadata := jsonb_set(coalesce(new.metadata, '{}'::jsonb), '{owner}', to_jsonb(auth.uid()));
  return new;
end;
$$ language plpgsql;

create trigger before_insert_set_owner
before insert on storage.objects
for each row
execute function set_owner_metadata();

Let me know if you're using a custom bucket name or want to support public read-only access, and I can modify the policy.
