Prevent modification of files in R2

For Workes & Pages, what is the name of the domain?

<irrelevant, we use R2 bucket>

What is the issue or error you’re encountering

We want to prevent accidental modification of files in R2

What steps have you taken to resolve the issue?

Posted in developers > storage, as I don’t see a category for R2.

I’ve checked documentation, I don’t see a way to set up policy that would protect file from accidental overwrites.
Developer should still be able to create new files

Possible solutions:

  1. prevent deletion/overwrite of files in R2 bucket, require additional privileges
  2. prevent only overwrite (this is optimal, developers would need to first explicitly delete file to create a new one)

Thanks!

1 Like

Hey,

You can create tokens with relevant permissions. This might not solve the issue with overwrite (if the user with read and write access is uploading a new object), but is a good place to start?

but is a good place to start?

Not really. I explicitly want to revoke permission to overwrite existing file, that’s a meaningful layer of protection.

Revoking writing permission does not any protection, as developers and systems still need to write files, and it is impossible to track down all tools and places in code used to move data around and force those to adhere to the same policy.

In AWS this is now explicit: