How to Ensure a User Can Only Access, Add, and Delete Their Own Favorites in Appwrite
- 0
- Self Hosted
- Auth
- Databases

Hi everyone,
I'm building an app using Appwrite, and I'm working on a feature where users can store their favorite items in a "Favorites" collection. Each favorite entry has fields like userId and itemId, and I've set up user authentication so that users can log in.
My goal is to ensure that each user can only view, add, or delete their own favorites and cannot access or modify the favorites of other users. I understand that Appwrite has a permissions system, but I'm not entirely sure how to configure it in a way that restricts access to the favorites collection based on the userId field.
Does anyone have any experience or advice on how to implement this? I’ve looked into Appwrite's permissions for documents, but I’m struggling with how to securely link each user to their own favorites and prevent them from accessing others' data.
Any guidance on setting up the correct permissions or best practices for this scenario would be greatly appreciated!
Thanks in advance!

On the favorites collection toggle on document level permissions. Now when creating a document add these permissions.
await databases.createDocument(
'<DATABASE_ID>',
'<COLLECTION_ID>',
{
foo: "bar"
},
[
Permission.read(Role.user(currentUserId)),
Permission.write(Role.user(currentUserId)),
]
);

Recommended threads
- when is password optional for updatePass...
In the document it says that the old password is option when updatingPassword but when i implemented it requires me to give it my old password. So when is the o...
- Unable to resolve "node-fetch-native-wit...
I using react native and want to use node.js to create a custom token but i get this error. i have done npm i node-fetch-native-with-agent to see if that solves...
- ERROR: NIOHTTPCOMPRESSION/DECOMPRESSION
Hello, I finally got my appwrite self-hosted and created an account which went through to the request. However, when I went to test it through Xcode and login t...
