Globals Access Control

Global Access Control is Access Control used to restrict access to Global Documents, as well as what they can and cannot see within the Admin Panel as it relates to that Global.

To add Access Control to a Global, use the access property in your Global Config:

1import type { GlobalConfig } from 'payload'
2
3export const GlobalWithAccessControl: GlobalConfig = {
4  // ...
5  access: {
6    
7    // ...
8  },
9}

Config Options

Access Control is specific to the operation of the request.

To add Access Control to a Global, use the access property in the Global Config:

1import { GlobalConfig } from 'payload'
2
3const GlobalWithAccessControl: GlobalConfig = {
4  // ...
5  access: {
6    read: ({ req: { user } }) => {...},
7    update: ({ req: { user } }) => {...},
8
9    // Version-enabled Globals only
10    readVersions: () => {...},
11  },
12}
13
14export default Header

The following options are available:

Function	Allows/Denies Access
`read`	Used in the `findOne` Global operation. More details.
`update`	Used in the `update` Global operation. More details.

If a Global supports Versions, the following additional options are available:

Function	Allows/Denies Access
`readVersions`	Used to control who can read versions, and who can't. Will automatically restrict the Admin UI version viewing access. More details.

Read

Returns a boolean result or optionally a query constraint which limits who can read this global based on its current properties.

To add read Access Control to a Global, use the access property in the Global Config:

1import { GlobalConfig } from 'payload'
2
3const Header: GlobalConfig = {
4  // ...
5  access: {
6    read: ({ req: { user } }) => {
7      return Boolean(user)
8    },
9  },
10}

The following arguments are provided to the read function:

Option	Description
`req`	The Request object containing the currently authenticated `user`.

Update

Returns a boolean result or optionally a query constraint which limits who can update this global based on its current properties.

To add update Access Control to a Global, use the access property in the Global Config:

1import { GlobalConfig } from 'payload'
2
3const Header: GlobalConfig = {
4  // ...
5  access: {
6    update: ({ req: { user }, data }) => {
7      return Boolean(user)
8    },
9  },
10}

The following arguments are provided to the update function:

Option	Description
`req`	The Request object containing the currently authenticated `user`.
`data`	The data passed to update the global with.

Read Versions

If the Global has Versions enabled, the readVersions Access Control function determines whether or not the currently logged in user can access the version history of a Document.

To add Read Versions Access Control to a Collection, use the readVersions property in the Global Config:

1import type { GlobalConfig } from 'payload'
2
3export const GlobalWithVersionsAccess: GlobalConfig = {
4  // ...
5  access: {
6    readVersions: ({ req: { user } }) => {
7      return Boolean(user)
8    },
9  },
10}

The following arguments are provided to the readVersions function:

Option	Description
`req`	The Request object containing the currently authenticated `user`.

See what others are building with Payload.

"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."

Get the resources you need to start building today

Microsoft chose Payload to tell the world about AI.

Globals Access Control

Config Options

Read

Update

Read Versions

Field-level Access Control