Skip to content
Init is coming / May 19 - 23
Back

grant permisions only to users in collection

  • 0
  • Databases
  • Web
kakadu222
9 May, 2025, 12:57

I'm building a web app and instead of using Appwrite Auth, I made my own custom auth system that stores user data in documents. I have a "Profile" page where logged-in users can update their username and password. The route is already protected — only authenticated users can access it. My question is: how do I make sure that only the owner of the profile (or someone with permissions) can update that specific document in the collection? Since I'm not using Appwrite's built-in users, I'm not sure how to handle document-level permissions properly in this case. What should i do?

TL;DR
Ensure that developers set up custom document-level permissions in the database so only the document owner can update the data. This can be done by storing the document owner's ID in the document itself and checking it before allowing updates.
Reply

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more