Access control within Payload is extremely powerful while remaining easy and intuitive to manage. Declaring who should have access to what documents is no more complex than writing a simple JavaScript function that either returns a boolean or a query constraint to restrict which documents users can interact with.
By default, all Collections and Globals require that a user is logged in to be able to interact in any way. The default Access Control function evaluates the user from the Express req and returns true if a user is logged in, and false if not.
Default Access function:
const defaultPayloadAccess = ({ req: { user } }) => {
2 // Return `true` if a user is found
3 // and `false` if it is undefined or null
4 return Boolean(user)
5}