Skip to content
Back

Setup Permissions to only allow resource owners for access

  • 0
  • 2
  • Databases
tiMo
7 Jan, 2026, 15:59

I would like to know how you do this in Appwrite Databases. Any ideas?

TL;DR
Set up permissions to only allow resource owners for access by implementing row security in TablesDB. Here are examples in TypeScript for both TablesDB and Collection-based databases using the Appwrite SDK in a Next.js application. The code snippets show how to create a new record with specific permissions for the resource owner by setting read, update, and delete permissions based on the user ID. Remember to adjust the code to include your specific database schema and permissions if needed.
7 Jan, 2026, 16:42

For that, firstly you'll have to set row security via the Console, then you can add the specific permissions via your code .

7 Jan, 2026, 16:43

Can you tell which language or framework you're using?

7 Jan, 2026, 18:08

i use nextjs

7 Jan, 2026, 18:08

thanks

7 Jan, 2026, 18:09

could you provide me an example?

1
7 Jan, 2026, 18:36

Sure, but since I don't know whether you're using TablesDB or earlier Collection based DB, I'll give you the example for both:

  1. For TablesDB you can do something like this:
TypeScript
import { Client, TablesDB, ID, Permission, Role } from "appwrite";

const client = new Client()
  .setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT!)
  .setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT_ID!);

const tablesDB = new TablesDB(client);

export async function createANewRecord(userId: string) {
  return await tablesDB.createRow(
    "DATABASE_ID",
    "TABLE_ID",
    ID.unique(),
    {
      createdAt: Date.now()
    },
    [
      Permission.read(Role.user(userId)),
      Permission.update(Role.user(userId)),
      Permission.delete(Role.user(userId))
    ]
  );
}
  1. And for the Collections DB you can do something like this:
TypeScript
import { Client, Databases, ID, Permission, Role } from "appwrite";

const client = new Client()
  .setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT!)
  .setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT_ID!);

const databases = new Databases(client);

export async function createANewRecord(userId: string) {
  return await databases.createDocument(
    "DATABASE_ID",
    "COLLECTION_ID",
    ID.unique(),
    {
      createdAt: Date.now()
    },
    [
      Permission.read(Role.user(userId)),
      Permission.update(Role.user(userId)),
      Permission.delete(Role.user(userId))
    ]
  );
}

This was just an example, instead of that createdAt: Date.now() you can put any other column name + value pair as per your DB schema. Also, you can set different permissions too as per your choice & requirement.

1
7 Jan, 2026, 18:53

ok, then i am well-prepared. thank you (i am using the new approach: table-based databases)

1
Reply

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more