Code-based nature means you can build on top of it to power anything.
Resources
DocumentationExamplesTemplatesGitHubBlog
Community
RoadmapDiscordCommunity Help
Payload Cloud

Deploy your entire stack in one place with Payload Cloud.

LoginCloud Pricing
It’s time to take back your content infrastructure.
Schedule a Demo
Enterprise Features
SSOPublishing WorkflowsVisual EditorStatic A/B testingAI features
Customer Stories
MicrosoftBlue OriginHello BelloMythical SocietyTekton
Featured Customer Story

Microsoft chose Payload to tell the world about AI.

Read the case study
New projectLogin
New projectLogin

Globals Access Control

Global Access Control is Access Control used to restrict access to Global Documents, as well as what they can and cannot see within the Admin Panel as it relates to that Global.

To add Access Control to a Global, use the access property in your Global Config:

1
import type { GlobalConfig } from 'payload';
2
3
export const GlobalWithAccessControl: GlobalConfig = {
4
// ...
5
access: {
6
// ...
7
},
8
}

Config Options

Access Control is specific to the operation of the request.

To add Access Control to a Global, use the access property in the Global Config:

1
import { GlobalConfig } from 'payload'
2
3
const GlobalWithAccessControl: GlobalConfig = {
4
// ...
5
access: {
6
read: ({ req: { user } }) => {...},
7
update: ({ req: { user } }) => {...},
8
9
// Version-enabled Globals only
10
readVersion: () => {...},
11
},
12
}
13
14
export default Header

The following options are available:

FunctionAllows/Denies Access
readUsed in the findOne Global operation. More details.
updateUsed in the update Global operation. More details.

If a Global supports Versions, the following additional options are available:

FunctionAllows/Denies Access
readVersionsUsed to control who can read versions, and who can't. Will automatically restrict the Admin UI version viewing access. More details.

Read

Returns a boolean result or optionally a query constraint which limits who can read this global based on its current properties.

To add read Access Control to a Global, use the read property in the Global Config:

1
import { GlobalConfig } from 'payload'
2
3
const Header: GlobalConfig = {
4
// ...
5
read: {
6
read: ({ req: { user } }) => {
7
return Boolean(user)
8
},
9
}
10
}

The following arguments are provided to the read function:

OptionDescription
reqThe Request object containing the currently authenticated user.

Update

Returns a boolean result or optionally a query constraint which limits who can update this global based on its current properties.

To add update Access Control to a Global, use the access property in the Global Config:

1
import { GlobalConfig } from 'payload'
2
3
const Header: GlobalConfig = {
4
// ...
5
access: {
6
update: ({ req: { user }, data }) => {
7
return Boolean(user)
8
},
9
}
10
}

The following arguments are provided to the update function:

OptionDescription
reqThe Request object containing the currently authenticated user.
dataThe data passed to update the global with.

Read Versions

If the Global has Versions enabled, the readVersions Access Control function determines whether or not the currently logged in user can access the version history of a Document.

To add Read Versions Access Control to a Collection, use the readVersions property in the Global Config:

1
import type { GlobalConfig } from 'payload'
2
3
export const GlobalWithVersionsAccess: GlobalConfig = {
4
// ...
5
access: {
6
readVersions: ({ req: { user }}) => {
7
return Boolean(user)
8
},
9
},
10
}

The following arguments are provided to the readVersions function:

OptionDescription
reqThe Request object containing the currently authenticated user.
Next

Field-level Access Control

On this page
Star on GitHub

Star

Chat on Discord

Discord

online