Storage Helper Functions
Learn the storage schema
Supabase Storage provides SQL helper functions which you can use to write RLS policies.
storage.filename()
#
Returns the name of a file. For example, if your file is stored in public/subfolder/avatar.png
it would return: 'avatar.png'
Usage
This example demonstrates how you would allow any user to download a file called favicon.ico
:
_10create policy "Allow authenticated uploads"_10on storage.objects_10for select_10to public_10using (_10 storage.filename(name) = 'favicon.ico'_10);
storage.foldername()
#
Returns an array path, with all of the subfolders that a file belongs to. For example, if your file is stored in public/subfolder/avatar.png
it would return: [ 'public', 'subfolder' ]
Usage
This example demonstrates how you would allow authenticated users to upload files to a folder called private
:
_10create policy "Allow authenticated uploads"_10on storage.objects_10for insert_10to authenticated_10with check (_10 storage.foldername(name)[1] = 'private'_10);
storage.extension()
#
Returns the extension of a file. For example, if your file is stored in public/subfolder/avatar.png
it would return: 'png'
Usage
This example demonstrates how you would allow restrict uploads to only PNG files inside a bucket called cats
:
_10create policy "Only allow PNG uploads"_10on storage.objects_10for insert_10to authenticated_10with check (_10 bucket_id = 'cats' and storage.extension(name) = 'png'_10);