1

I get this error while uploading files on Supabase storage, again Supabase storage not table :

new row violates row-level security policy

This is the code I am using in .NET:

internal sealed class StorageRepository : IStorageRepository
{
    private readonly Client _client;

    public StorageRepository(Client client)
    {
        _client = client;
    }

    
    public async Task<string> SaveFileAsync(
       byte[] file,
       string identifier,
       string bucketName)
    {

        var result = await _client
                .Storage
                .From(bucketName)
                .Upload(
                     data: file,
                     supabasePath: identifier);

        return result;
    }
}

This is complete error with detailed exception :

new row violates row-level security policy at Supabase.Storage.Extensions.HttpClientProgress.UploadAsync(HttpClient client, Uri uri, Stream stream, Dictionary`2 headers, Progress`1 progress) at Supabase.Storage.StorageFileApi.UploadOrUpdate(Byte[] data

I have tried by adding a new policy which allows only authenticated user to { SELECT, UPDATE, DELETE, UPDATE } but still it did not work:

enter image description here

Improve this question
4
  • 1
    May this GitHub answer be of any help? github.com/orgs/supabase/discussions/… Commented May 29, 2024 at 11:58
  • could you please share the detais or code you used to add the new policy? Commented May 31, 2024 at 6:53
  • @EspressoCode I have not written any code, just used the existing policy "Give users access to a folder only to authenticated users" Commented May 31, 2024 at 10:23
  • 1
    @AstridE. that GitHub discussion helped, can you add it as an answer, I executed two queries given in that answer Commented May 31, 2024 at 10:36

1 Answer 1

Reset to default
1
+50

A question regarding new row violates row-level security policy was asked by lucasmrl on Supabase's GitHub in 2021. lucasmrl answered their own question with some insight and a suggestion for how to handle the situation. Maybe that post can be useful?

To sum it up:

Scenario
  1. The user creates an account and a public bucket containing a folder
  2. The user tries to upload an image with the following code:
const { data, error } = await supabase.storage
    .from("bucket ID")
    .upload("file name", file, { cacheControl: "3600" });
  1. The user receives an error message referencing a table and a security policy, both of which the user does not expect to exist:

"new row violates row-level security policy for table "objects"" statusCode: "42501"

Insight

Even if the bucket is "public", you still need to set up policies

Policy suggestion

To let people VIEW files in a bucket and UPLOAD files to a bucket, execute the following SQL queries:

VIEW: create select policy

create policy "Public Access Bucket Images Get"
on storage.objects for select
using ( bucket_id = 'bucket ID' );

UPLOAD: create insert policy

create policy "Public Access Bucket Images Post"
on storage.objects for insert
with check ( bucket_id = 'bucket ID' );

More on creating policies in Supabase in the docs.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.