I'm having hard time allowing INSERT & UPDATE with...
# help-and-questions
d
Hi, I'm new to Supabase and I'm having a tough time with RLS on storage. I have one bucket called 'hub' set as public with one root folder 'avatars', which has two folders inside it, 'general' & 'users'. I'm using the 'users' folder to store profile pictures uploaded by users, where the name of the folder is their authId from Supabase. Yesterday it was working just fine, but today I added the 'upsert': true option to the upload function provided from useSupabaseClient.storage and now it just keeps throwing RLS errors. Also, I feel like there are not enough resources regarding RLS for storage. There are a few in the docs but they don't really help. I was also checking out a video on YouTube published by Supabase, but what surprised me is that when I tried to create RLS according to the video it just kept throwing a weird error. I would add some screenshots of the RLS but I've just tried so many times that it wouldn't even help. It would be really great if someone who's experienced could explain some basics, e.g. why exactly am I getting an error on storage.objects when I have declared RLS on the bucket itself, and why, when I add INSERT and UPDATE RLS directly to storage.objects instead of the bucket with just true values, I still get errors regarding RLS. Thanks in advance.
g
If you added upsert then you will need insert, update AND select policies to work. A public bucket still needs all RLS for operations EXCEPT getPublicUrl and use of that URL. You can make life easier by having several buckets versus, say, a bucket hub with a folder avatars. Just have a bucket avatars with folders under it. RLS is a bit cleaner, as every folder you add that you want different policies on complicates the RLS.
d
I'll be needing multiple buckets because it's a monorepo and will have multiple instances..
g
You very rarely need to mess with bucket RLS. All RLS is usually on storage.objects unless you plan to manage the bucket itself versus files.
It is fine to have folders, just makes the RLS messier if each has to have different policies.
d
OK, thanks. I'll try adding the SELECT policy as you mentioned.
g
update requires select to search first.
The JS docs are pretty good at showing what policies you need for each operation.

https://cdn.discordapp.com/attachments/1111638427109179392/1111642499392491540/image.png

d
Oh, I was checking only the RLS pages themselves.. didn't think of checking the upload itself
so like this it should be ok I hope 😄

https://cdn.discordapp.com/attachments/1111638427109179392/1111642910128087121/image.png

Yes it works. Thanks a lot
g
Normally you should put the policies under each bucket in the objects section, with the bucket_id as part of them versus in Other. Unless of course all will be the same. Policies are OR'd so if you have a generous policy in other, it won't matter what you put in for bucket. Note I'm not referring to the actual bucket policy, but the UI shows each bucket in the storage.objects section.
d
OK, understood. If I could have just one quick question. I wanted to add a condition to the INSERT and UPDATE policies for checking if the file name matches the user auth id. I found something like (storage.filename(name)[1] ) = auth.uid() but when I try to save that it throws me an error: does not support subscripting
g
I think you want foldername there, not filename. filename is just the name of the file without the path. foldername is a function that returns an array of the path separated by /. So "folders", which really don't exist, but are just part of the pathname.
If you are checking for the actual filename being a uuid then just use storage.filename(name) = auth.uid().
d
Oh I see, so it's just about the correct index to compare the file to auth.uid()

https://cdn.discordapp.com/attachments/1111638427109179392/1111646231698092092/image.png

Am I supposed to use that :text helper?
g
In your first post you said you were using a folder as the uuid, so a bit confused with the latest statement that the filename is uuid.... You might need it after auth.uid() because that returns a uuid and you are comparing to text.
d
oh my bad I meant to type file not folder...
Yes, appending ::text after uid() fixed the issue. Thanks a lot, I really appreciate it, and sorry for it taking more of your time than it probably needed due to my lack of descriptiveness..
g
RLS on storage is a challenge.
d
yes it seems. Since I'm new to supabase it's really nice to see that quick response and I hope not but it's possible that I'll be bothering you soon again with something😅
g
This is a user-helping-user forum, so no guarantee of response time.