Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

[SOLVED] Permissions must be one of: (any, users, user:X)

  • 0
  • Databases
  • Flutter
  • Users
View on Discord
yannic
23 Mar, 2023, 11:18

I want to create a document that has also the read permission for a other user. When I try to achive this with: Permission.read(Role.user(entry.userid)), Permission.read(Role.user(entry.enemyid)),

I get the error "Permission must be one of: (any, users, user:OWN USER ID").

When I add the permission from the web panel everything works fine. Document Security is enabled and the collection permissions are set to users create enabled.

TL;DR
The error "Permissions must be one of: (any, users, user:X)" occurs when trying to set read permissions for a specific user in Appwrite. This behavior is intended for security reasons. To achieve this, you can use Teams to group users and assign permissions to the entire team. Another option is to use Appwrite Functions to write a function that sets permissions for a specific user. This can be done by calling the function using 'createExecution'. Using the server SDK with a REST request and an API key is not recommended as it may expose the API key and potentially compromise the project's security.
Meldiron
23 Mar, 2023, 11:39

Hey there 👋 This is expected behaviour for security reasons. Imagine there was notifications collection. If I could spam anyones notification inbox by giving them read permissions, it would be pretty bad experience for them.

Some possible solutions:

  • Use Teams. Put users into same team (other person needs to accept), and you can now give permission to the team
  • Use Functions. Write a function that would set the permission to specific user. Functions are allowed to do anything. Then, call this function using createExecution
yannic
23 Mar, 2023, 11:40

Okay thanks. Can I also use the server SDK? Like a REST request with a api key?

Meldiron
23 Mar, 2023, 11:41

Yes, that's exactly what Appwrite Function would do. Tho make sure API key is not visible to the client, otherwise they could hack your whole project.

Meldiron
23 Mar, 2023, 11:42

You can do this by for example:

  • Running in Appwrite Function
  • Running on your api server (python, nodeJS, Deno, ..)
  • Running in SSR (possible in most meta web frameworks)
yannic
23 Mar, 2023, 11:42

Okay thanks a lot.

yannic
23 Mar, 2023, 12:02

[SOLVED] Permissions must be one of: (any, users, user:X)

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more