Auth Collection

If your app requires permission-based access control, define a permissions field directly in the auth collection. Unlike fields such as username or password, whose names are customizable, this field should always be named exactly permissions to ensure consistency across the system. This allows the framework or service to handle permission checks properly without custom configuration.
{
    ...
    "users": {
        "schema": {
            ...
            "permissions": {
                "type": "array",
                "default": ["user"]
            }
            ...
        }
    }
    ...
}

The permissions field in the auth collection must be an array. Setting a default value is optional, but it's recommended to assign at least one permission (e.g., user) automatically when a user registers. For general-purpose roles, you can use values like user, customer, or admin. For more specific use cases, you can use permissions like only-view or post-editor. All of these permission values can be referenced in the permission definitions of any collection, which makes fine-grained access control straightforward.
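The two rules above (exact field name, array type) can be checked before a definition is deployed. The following is an added example, not the framework's own code: `validateAuthCollection` and `hasPermission` are hypothetical helpers, the "any one required permission grants access" rule is an assumption, and the sample data is constructed.

```javascript
// Hypothetical lint for an auth collection definition (not part of the framework).
// Returns a list of problems; an empty list means the permissions field is acceptable.
function validateAuthCollection(name, collection) {
  const problems = [];
  const schema = (collection && collection.schema) || {};
  const field = schema.permissions;
  if (!field || typeof field !== "object") {
    // Catch near-miss names such as "Permissions" or "permission".
    const near = Object.keys(schema)
      .filter((k) => k !== "permissions" && /^permissions?$/i.test(k));
    problems.push(near.length
      ? `${name}: field "${near[0]}" must be named exactly "permissions"`
      : `${name}: missing "permissions" field`);
    return problems;
  }
  if (field.type !== "array") {
    problems.push(`${name}: "permissions" must have type "array"`);
  }
  if ("default" in field) {
    const d = field.default;
    const ok = Array.isArray(d) && d.every((p) => typeof p === "string" && p !== "");
    if (!ok) problems.push(`${name}: "default" must be an array of non-empty strings`);
  }
  return problems;
}

// Hypothetical fail-closed check of a user record against the permissions a
// collection action requires. Assumption: holding any one of them is enough.
function hasPermission(user, required) {
  const held = user && user.permissions;
  // A non-array value (e.g. the string "admin") is rejected outright, so that
  // String.prototype.includes cannot turn a substring into a grant.
  if (!Array.isArray(held) || !Array.isArray(required) || required.length === 0) {
    return false;
  }
  return required.some((p) => held.includes(p));
}

// Constructed sample data.
const goodUsers = { schema: { permissions: { type: "array", default: ["user"] } } };
const misnamed = { schema: { Permissions: { type: "array" } } };
const wrongType = { schema: { permissions: { type: "string", default: "user" } } };
const editor = { username: "sam", permissions: ["user", "post-editor"] };

console.log(validateAuthCollection("users", goodUsers));
console.log(validateAuthCollection("users", misnamed));
console.log(validateAuthCollection("users", wrongType));
console.log(hasPermission(editor, ["admin", "post-editor"]));
```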

© 2025 kav3.com.