Like what we’re doing? Star us on GitHub!

access control - user missing in req

2 weeks ago

help-> I have setup access control in my app according to the documentation. Everything seem to work fine on my machine. However, when I deploy, anywhere I implementation access control produces an error ( you are not allowed to ...) . I.e.

for example:


const Instruments: CollectionConfig = {

slug: 'instruments',

admin: {

useAsTitle: 'name',



access: {

read: () => true,


update: ({ req: { user } }) =>{

return Boolean(user)




fields: [


name: 'name',

type: 'text',




timestamps: false,


export default Instruments;


read works, create works, but neither do update and delete

  • Jarrod
    Payload Team
    2 weeks ago

    What does your update request/fetch look like?

  • taongaB
    2 weeks ago

    response -> from ssh: Forbidden: You are not allowed to perform this action.

    at new ExtendableError (/home/jelastic/ROOT/node_modules/payload/src/errors/APIError.ts:26:11)

    at new APIError (/home/jelastic/ROOT/node_modules/payload/src/errors/APIError.ts:43:5)

    at new Forbidden (/home/jelastic/ROOT/node_modules/payload/src/errors/Forbidden.ts:7:5)

    at executeAccess (/home/jelastic/ROOT/node_modules/payload/src/auth/executeAccess.ts:9:43)

    at processTicksAndRejections (node:internal/process/task_queues:96:5)

    at update (/home/jelastic/ROOT/node_modules/payload/src/collections/operations/update.ts:97:43)

    at updateHandler (/home/jelastic/ROOT/node_modules/payload/src/collections/requestHandlers/update.ts:24:17)

    this is from trying in payload admin

    Update: solution found

    I added these to my config:








    I am running my app in a virtuozzo environnement with a lot of control on deployment, loadbalancing etc... No clue which on of the 2 worked, though.

Open the post
Continue the discussion in Discord
Can't find what you're looking for?
Get help straight from the Payload team with an Enterprise License.Learn More