Restricting access to file after upload


Trying to upload a file (that works), then restrict the file permissions to the current user only.

I am using the “on Upload Success” event :

Now, for some reason, the Deny/Grant permission blocks don’t accept thet URL coming from the “Uploaded Files” context block. That would really be what I expected.

So I guess I have to truncate the server name to get the relative URI only. So I have to go through this whole block of code for a simple operation.

Yet, this still doesn’t work :

I wonder if perhaps it’s the file URI being encoded despite my adding it URI decoded ? (see the %2F in the path).

Or am I doing this entirely wrong ? If so, how can I just set the access rights after the user uploads a file ?

Thanks for your help.

Hello @Nicolas_REMY!

I just tested the SET PERMISSIONS block and it works without Decode URI.
Could you please tell me if this is the correct file path and name:


I also want to let you know that there is actually an issue with uploading a file containing special characters in the name.
There is already an internal ticket BKNDLSS-26834 for this.
We will let you know as soon as the issue is fixed, we apologize for the inconvenience.


OK, thanks.
I believe I had tried without the Decode URI, and it did not work, so that’s why I added it.
I will try again and let you know.

Hi @Alexander_Pavelko ,

I have tested again, and still no luck, even without the Decode URI block.

As you can see, the path still looks encoded somehow.

If I may suggest, it would be way simpler if the block could work directly with the output of the file upload (taking as a parameter the “Uploaded Files” block).

I have a feeling I am juggling for a use case which is probably very very common.

Hello @Nicolas_REMY!

As I said above, this error may be because there are special characters in the file name. We are already working on this issue and will let you know as soon as it is fixed.

To be sure about this, please add a screenshot with all logs where I can see the contents of Uploaded Files and file variables

I also created an internal ticket BKNDLSS-31604, to return also the relative path of the file after the upload. Once the ticket is ready you don’t need to do all these operations with the string. We will let you know in this thread when it is ready.


Hi @Alexander_Pavelko,

Thanks for replying. I am quite puzzled however, because I don’t see any special character in the filename. I did provide the screenshot with the errors printed out, right under the Codeless logic, and as you can see there, the filename is just an objectId. So there are no special characters. Only hexadecimal values, dashes and a .jpg extension. Is the dash or the period considered a disallowed character ?

Thanks for the internal ticket and for finding a way for this to work with the relative path. I am sure this would be much much better for many of us. Looking forward to a solution because for now my uploaded files can’t have any security.


I think maybe the problem is in the file path, because I tested set permissions for the file named 249826A1-9D30-4F85-AD24-F6507BC5F952.png, and everything worked correctly for me.


OK, but then we are limited to setting permissions for files at the root only :confused:
Is this the desired behavior, or do you plan on changing that ?

Sorry, I’m not quite sure what you mean.
Could you please explain why we are limited to set permissions only for files in root?


If the slashes are not allowed in the file’s path, then the only way for it to work is if the file is at the root.

I see your point, but with / in the path, it works now.
Here’s the string that I pass in the set permissions block as path: images/249826A1-9D30-4F85-AD24-F6507BC5F952.png and it works for me.


Do I understand correctly that there was an update ? Because I am still encountering the same issue.

Hi @Nicolas_REMY

The update with the fixes for these errors has not been released yet. The relative path (ticket BKNDLSS-31604) has been added, but this ticket has not been released yet.
I have unsuccessfully tried to reproduce your issue, everything works as expected without any errors.

In the last and previous screenshots, an incorrect file path is visible. In the last screenshot, the “if” block seems to have been bypassed because the link starts with http instead of https, and in the previous screenshot, the path should be assets/docs/13... instead of permissions/DENY/assets/docs/13... This is what I noticed.

Please provide your appID, and it would be good to create a test page with this logic so that we can investigate the issue from the inside.


Just wanted to let you know that I finally managed to get this logic to work, but in Cloud Code only.
Perhaps it wasn’t possible to do this from the app ?

hello @Nicolas_REMY

It should be possible if you are using API key or a user that has permission to change permissions

Haven’t managed to make it work…

Hi, @Nicolas_REMY ,

Sorry for the long delay with response.
Your problem is caused by a bug in our routing rules for the custom domains (calls via to the same endpoint work fine). I have created an internal ticket BKNDLSS-31713 for this problem. It should be fixed until the end of the day tomorrow. We will let you know as soon as fix will be released to production.
Sorry for inconvenience.

Regards, Andriy

1 Like

Hi @Andriy_Konoz , thanks for the feedback.
I did think there was something fishy in there.

Best regards.

Hi @Nicolas_REMY ,

Sorry for delay with the fix to the problem. I was just released. Could you please check it from your side and confirm that problem has gone?

Regards, Andriy