Permissions

Before you can create fields and store data, you must be able to define who can read and write to each field. Let's run through how permissions work in Privy.

Permissions scope who can access data in Privy. A requester is any entity trying to access (read or write) data in Privy. Each requester plays one or more roles in an application that uses Privy. Privy provides the following default roles:

  1. Public - Grants anyone (authenticated or not) access to the field
  2. Self - Grants an authenticated user access to their own data stored in the field
  3. Admin - Reserved for the admin user: an admin is authenticated with an API secret, like any privy-node PrivyClient instance.

These permissions can be applied to either reading or writing. For example, if a field's Writer Roles include only "self", and its Reader Roles include "self" and "admin", then every user can write and read their own data, but the app admins can only read that data.
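
The role rules above can be modelled in a few lines. This is an added example, not Privy's implementation or part of privy-node; the requester shape (`kind`, `userId`) and the function names are assumptions made for illustration.

```javascript
// Illustrative model of the role rules described above; not Privy's code.
// The requester shape {kind, userId} is an assumption made for this example.

// Roles a requester holds with respect to data owned by `ownerId`.
function rolesFor(requester, ownerId) {
  const roles = new Set(['public']); // anyone, authenticated or not
  if (requester.kind === 'user' && requester.userId === ownerId) {
    roles.add('self'); // authenticated user accessing their own data
  }
  if (requester.kind === 'admin') {
    roles.add('admin'); // authenticated with the API secret
  }
  return roles;
}

// A field carries separate Reader Roles and Writer Roles.
// Unknown actions are denied.
function canAccess(field, requester, ownerId, action) {
  let allowed;
  if (action === 'read') allowed = field.readerRoles;
  else if (action === 'write') allowed = field.writerRoles;
  else return false;
  const held = rolesFor(requester, ownerId);
  return allowed.some((role) => held.has(role));
}

// The example from the text: writers = self, readers = self + admin.
const emailField = { readerRoles: ['self', 'admin'], writerRoles: ['self'] };

// Constructed requesters.
const requesters = {
  alice: { kind: 'user', userId: 'alice' },
  bob: { kind: 'user', userId: 'bob' },
  admin: { kind: 'admin' },
  anonymous: { kind: 'anonymous' },
};

// Who can read and write the instance of `field` owned by `ownerId`.
function accessMatrix(field, ownerId) {
  const matrix = {};
  for (const [name, requester] of Object.entries(requesters)) {
    matrix[name] = {
      read: canAccess(field, requester, ownerId, 'read'),
      write: canAccess(field, requester, ownerId, 'write'),
    };
  }
  return matrix;
}

console.log(accessMatrix(emailField, 'alice'));
```

Printing the same matrix for each field's configured roles is a quick way to review who ends up with read or write access before storing data.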

Setting default permissions using the Privy console

Fields in Privy have default permissions. That means that as new instances of the field are instantiated, those permissions will be applied to the instance automatically.

To set the default permissions on a field, navigate to the Fields tab in the console and click into the field whose default permissions you want to edit.

On the right-hand side, in the Manage Permissions section, you can edit the Reader Roles and Writer Roles for that field.

Setting default permissions using privy-node

You can also use privy-node to set default permissions on fields as shown below.

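import {PrivyClient} from '@privy-io/privy-node';

// Credentials are read from environment variables here. The API secret
// authenticates this client as the admin, so keep it in server-side code only.
const {PRIVY_API_KEY, PRIVY_API_SECRET} = process.env;
const client = new PrivyClient(PRIVY_API_KEY, PRIVY_API_SECRET);

client.createField({
  name: 'email',
  description: 'User email address',
  default_access_group: 'self', // allows read and write access to the "self" role
});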

The snippet above creates a new field called "email." By default, every user's "email" field will have "self" as its reader and writer roles. This can be overridden or modified for given users.

Advanced Permissions

Privy also offers more granular permissioning options for advanced use cases. For example, if you want to create your own custom role (e.g. a role corresponding to your compliance team), see the Custom roles section. If you want to set custom permissions on a per-user basis, see Cell-level permissions.