JZ Posts - Convex Community

•Created by JZ on 10/16/2024 in #support-community

File Storage Read Permissions - Currently World-readable!

I am trying to serve files in storage via getUrl, but I've discovered that those files are world readable, outside convex, on the open internet (e.g. via curl - try it on your side). How can I control read access to these functions? Can I set permissions when writing, and if so how? Is this a job for row-level security/RLS? Or some other auth mechanism? What's the correct pattern here? Is there a workaround? Many thanks for any and all urgent assistance

11 replies