mirror of
https://github.com/directus/directus.git
synced 2026-02-19 08:44:23 -05:00
817ccf3620
* Add Quickstart Guide * Update installation * Remove unused files * Update support/backing * Tweaks in concepts * Setup file structure for API reference 2.0 * Setup page layout for reference * Add clean-urls plugin * getting started updates * Finish authentication rest * getting started updates * Render stylus in 2 spaces * Various * Various * Finish activity docs * Add collections reference * Add extension reference * concepts updates * Fields/tweaks * Add files doc * Add revisions * concepts docs * More api reference * Finish rest api reference (finally) * initial concepts * More things * Add assets api ref * Move sections from file to assets * Add environment variables * contributing docs * Add field transforms page * Left align table headers * concept links * Add API config * Fix mobile nav * Add migrating a project * doc link fixes Co-authored-by: Ben Haynes <ben@rngr.org>
32 lines
2.1 KiB
Markdown
32 lines
2.1 KiB
Markdown
# Permissions
|
|
|
|
> Permissions are attached directly to a Role, and define what data that Role's Users can create, read, update, and delete within the platform.
|
|
|
|
Directus includes an extremely granular, filter-based permissions system for controlling access. There are several layers to this access control, including:
|
|
|
|
- **Collection** — The Collection scope of this permission
|
|
- **Action** — Create, Read, Update, or Delete
|
|
- **Item Permissions** — Filters actionable Items using [Filter Rules](/reference/filter-rules/)
|
|
- **Field Permissions** — Toggles which fields can be accessed
|
|
- **Validation** — Filters Item values using [Filter Rules](/reference/filter-rules/)
|
|
- **Presets** — Controls the default values for the action
|
|
- **Limit** — Sets a maximum number of items that are actionable
|
|
|
|
There are also other access control features that are tied directly to the Role. These include:
|
|
|
|
- **IP Access** — Restricts user access based on IP Address
|
|
- **App Access** — Restricts user access to the App
|
|
- **Admin Access** — Enables Settings and unrestricted user access
|
|
|
|
### Example
|
|
|
|
You could set the permissions such that a user can only **Update** (Action) the **Title, Body, Date Published, and Category** (Field Permissions) within **Articles** (Collection) that **they created and are still unpublished** (Item Permissions) **one item at a time** (Limit) if they are **currently at the NYC office** (IP Access). Additionally, the **default Category will be "Opinon"** (Preset), and the **Date Published must be in the future** (Validation).
|
|
|
|
And this is actually just a _simple_ example. Permissions and Validation support a comprehensive list of [Filter Operators](/reference/filter-rules/#filter-operators), [Relational Filtering](/reference/filter-rules/#filter-relational), [Logical Operators](/reference/filter-rules/#logical-operators), and [Dynamic Variables](/reference/filter-rules/#dynamic-variables).
|
|
|
|
|
|
#### Relevant Guides
|
|
|
|
- [Configuring Role Permissions](/guides/permissions/#configuring-role-permissions)
|
|
- [Configuring System Permissions](/guides/permissions/#configuring-system-permissions)
|