Unable to delete `auth.users` row due to `objects_owner_fkey` FK constraint about storage HOT 19 CLOSED

workaround:
Before deleting a user, delete all files using the supabase client.

const deleteAllUsers = async () => {
  const {
    data: { users },
  } = await client.auth.admin.listUsers();
  for (let user of users) {
    const directory = `users/${user.id}`;
    const fileRes = await client.storage.from("images").list(directory);
    for (let file of fileRes?.data ?? []) {
      console.log({ file });
      await client.storage.from("images").remove([`${directory}/${file.name}`]);
    }

    const { error } = await client.auth.admin.deleteUser(user.id);
    if (error) {
      console.log(`client.auth.admin.deleteUser(${user.id}) failed.`, {
        error,
      });
      throw new Error(error.message);
    }
  }
};

from storage.

In my case, I want to delete all objects(photos uploaded by a user) when the user is deleted.
So I fixed storage.objects table's owner column Cascade.

Now, user and objects can be deleted without error.

from storage.

Hi @inian

As I understand, the solution to this is to add this SQL

drop constraint objects_owner_fkey,
add constraint objects_owner_fkey
   foreign key (owner)
   references auth.users(id)
   on delete set null;

Is that correct?

Additionally, can you share some insight into what is going on behind the scenes to create this restriction, and why it is in place?

from storage.

I believe the idea here is that they don't want to delete the row because then the file will forever be stored without any reference. Until they have a proper way of handling deleting files as well on user deleted I don't think this will come anytime soon.

from storage.

Thats a good point Jian. I will add a trigger to make the owner as null in storage.objects when a row is deleted from auth.users.

from storage.

Also as a side question, is it a good idea or good practice to run our own migrations on the auth and storage schemas?

from storage.

good practice to run our own migrations on the auth and storage schemas

No - it would not be a good idea to modify the auth or storage schema. If you need to extend the functionality it would be best to add your own schemas. (and you can create views if you want to "join" schemas)

from storage.

I believe the idea here is that they don't want to delete the row because then the file will forever be stored without any reference. Until they have a proper way of handling deleting files as well on user deleted I don't think this will come anytime soon.

If we use set null instead of cascade, the database will still maintain a reference to the underlying S3 object though. Would that be sufficient?

from storage.

good practice to run our own migrations on the auth and storage schemas

No - it would not be a good idea to modify the auth or storage schema. If you need to extend the functionality it would be best to add your own schemas. (and you can create views if you want to "join" schemas)

Then, what would be the recommended practice here? I can't delete all objects uploaded by the user to storage before deleting the user because some of the objects still have to be retained after a user deletion.

For example, user Z uploads an avatar image for his team and later deletes his account. In this scenario, we would expect that deleting user Z wouldn't also delete the avatar image he uploaded.

from storage.

I haven't tested it out on an actual project but that does seem like it would work @mcewen87. The constraint is in place so that each storage owner is linked to an auth user and cos owner field shouldn't be any UUID.

from storage.

I haven't tested it out on an actual project but that does seem like it would work @mcewen87. The constraint is in place so that each storage owner is linked to an auth user and cos owner field shouldn't be any UUID.

Thank you! I'll give it a try.

from storage.

On my side, I had a "users" table with constraint users_id_fkey between my stripe table and "auth.users" table.

I simply added :
alter table users drop constraint users_id_fkey, add constraint users_id_fkey foreign key (id) references auth.users(id) on delete cascade;

from storage.

Feel free to re-open when providing more info

from storage.

Feel free to re-open when providing more info

Why would this need more info? You cannot delete a user from auth if they have records associated in the objects table. It is a bit of a pain.

from storage.

Faced the same issue today, didn't help that when I tried to delete a user through the UI (inside the Authentication tab), the error message was: "Failed to delete user: Failed to delete user". Only stumbled upon the actual error when I tried deleting the user through the SQL editor.

from storage.

An example of this problem in production for us was when employees of a business updated image content within the application. However, we did not realize that the authentication object associated with the employee would become bound to that image asset, making it impossible to delete the authentication user afterwards. Although we were able to work around this issue, it would be helpful to have more control over this relationship when uploading assets, especially since we updated some signup logic.

from storage.

@kiwicopple @fenos We face the same issue. Since this is still open, what is your recommended best practice if we want to delete a user but keep their uploaded objects?

from storage.

I got the same issue now, after hours of debugging and testing every possible way, this ended up working:

1. Select Storage from Table Editor
   

2. Change the column type of owner to text instead of uuid.
   

3. Set correct RLS Policies

4. Voila! 🥳

from storage.

We have removed the FK constraint now and we have a new column called owner_id and owner column is deprecated

from storage.