[SOLVED] Collection vs Document Permissions

and what operation your performing

TL;DR

Title: [SOLVED] Collection vs Document Permissions - User was confused about setting permissions at the document level. - User wanted to give super_admin team read and delete permissions for all documents in a collection. - Solution: Read access can only be granted at the collection level, not the document level. Super_admin team should be given read and delete permissions at the collection level. Also, make sure create access is granted at the collection level.

Trying to create a document that I later have read and write access to

have you given create access

??

have you given create access

and create access can only be granted at the collection level

the permission on document or collection mostly matters when it comes to the other permissions. for example, if you grant read("any") at the collection level, everyone can read every docment. if you grant read("any") at the document level only, everyone can read only that document.

Ok this makes more sense. I'm getting the desired results now and will keep testing. I didnt realize that read access can only be granted at the collection level, that's what confused me.

I didnt realize that read access can only be granted at the collection level

You mean create?

Thank you both for the reply!

Sorry, *create haha

dont confused its too easy once you use too.

If you all can help answer one more question I'd appreciat the help. So I gave all users Create access at the collection level and am able to set write and read permissions at the document level, however, I am also trying to give all admins (under the super_admin team) permission to read and delete a document on creation and am getting a user_unauthorized error when trying to add these two permissions. Here are the two extra items I added to the permissions array:

TypeScript

const permissions = [
  Permission.read(Role.user(user.$id)),
  Permission.write(Role.user(user.$id)),
            
  Permission.delete(Role.team("super_admin")),
  Permission.read(Role.team("super_admin"))
]

I tried this by adding the team ID as well and get the same issue

Collection vs Document Permissions

A user cannot assign a role they don't have.

Should this super_admin team be able to read and delete all documents in this collection?

Yes, super admin should be able to delete. I want to create a document as an owner of that document but also want to give a super_admin the ability to read and delete that document, in the same way a twitter admin can take down a post if it violates terms.

In this case the user should have full read and write permissions, therfore should have the ability to also grant these permissions if needed, right?

then you should add the super_admin at the collection level

Yea, that's makes sense actually. What through me off was this part in the docs where it's shows an example teams being givin permissons at the document level: https://appwrite.io/docs/permissions#example-1

Need support?

Join our Discord

Get premium support

[SOLVED] Collection vs Document Permissions

Recommended threads

Need support?

Join our Discord

Get premium support