Skip to content
Announcing the Appwrite X MongoDB partnership
Start building
Back

Realtime Events Triggered for Users Without Read Permissions

  • 0
  • Functions
  • Realtime
  • Cloud
View on Discord
zephyr
7 Jul, 2025, 07:19

Realtime events are being received by users who don’t have read permissions on a newly created document.

Here’s the setup:

  1. A document is created in the profiles collection via a Function.
  2. The document is assigned read permissions only for userA and userB.

Permission.read(Role.user('userA')), Permission.read(Role.user('userB')),

But the issue is: userC (who has no permissions) receives the documents.create event through the Realtime subscription.

Is this expected behavior for Appwrite Realtime? Shouldn't permission filters be enforced for realtime events as well?

@Steven @D5

TL;DR
Realtime events are triggering for users without read permissions in Appwrite. Developers created a document with read permissions for userA and userB, but userC is still receiving events. They are questioning if this behavior is expected and if permission filters should be enforced for realtime events.
Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more