Folders & ACLs

Secure by Default

DENY By Default

Pulsabase Storage is DENY By Default. This means that when you create a new folder, no one (not even authenticated users) can read, upload, or delete files inside it.

To allow access, you must explicitly create Access Control Lists (ACLs) for your folders.

Folder Structure

Pulsabase organizes files into a single scalable bucket, using a virtual folder hierarchy:

/
├── public/      ← Publicly readable (requires a public ACL)
│   └── avatars/
└── private/     ← Authenticated access only (requires an auth ACL)
    └── invoices/

Creating ACL Policies

You can configure ACL policies directly in the Pulsabase Dashboard under Storage > Policies, or using the SDK.

Dashboard Configuration

1. Go to Storage > Policies.
2. Click New Policy.
3. Set the Path Pattern (e.g., public/avatars/*).
4. Select the permitted Actions (READ, WRITE, DELETE).
5. Assign the Role (public, authenticated, or a custom role).

Example Policies

Path Pattern	Role	Permitted Actions	Result
public/*	public	READ	Anyone can download files, but no one can upload.
users/{user_id}/*	authenticated	READ, WRITE, DELETE	Users can manage their own folder (via {user_id} variable binding).
admin/reports/*	admin	READ, WRITE, DELETE	Only users with the admin role can access theses files.

Caution

Without a matching ACL policy, any attempt to access or modify a file will result in a 403 Forbidden error.