Role-based Access Control in Payload CMS

Role-based Access Control

It is also possible to allow multiple user types into the Admin Panel with limited permissions, known as role-based access control (RBAC). For example, you may wish to have two roles within the admins Collection:

  • super-admin – full access to the Admin Panel to perform any action
  • editor – limited access to the Admin Panel to only manage content

To do this, add a roles or similar field to your auth-enabled Collection, then use the access.admin property to grant or deny access based on the value of that field. See Access Control for full details. For a complete, working example of role-based access control, check out the official Auth Example.

Collection Access Control restricts access to Documents within a Collection, as well as what users can and cannot see within the Admin Panel as it relates to that Collection.

To add Access Control to a Collection, use the access property in your Collection Config:

import type { CollectionConfig } from 'payload';

export const CollectionWithAccessControl: CollectionConfig = {
  // ...
  access: {
    // ...
  },
}

Config options

import type { CollectionConfig } from 'payload';

export const CollectionWithAccessControl: CollectionConfig = {
  // ...
  access: {
    create: () => {...},
    read: () => {...},
    update: () => {...},
    delete: () => {...},

    // Auth-enabled Collections only
    admin: () => {...},
    unlock: () => {...},

    // Version-enabled Collections only
    readVersions: () => {...},
  },
}
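
The roles-field setup described earlier, wired into the access functions listed above, as an added example (not code from the Payload docs or the official Auth Example). The local types are stand-ins for Payload's own, and the helpers `hasRole`, `superAdminOnly`, `anyStaff` and `superAdminOrSelf` are hypothetical names; the field-level `access` on `roles` is what stops an editor from promoting themselves.

```typescript
// Local stand-ins for Payload's types (assumption) so this runs without the
// package; in a project, type `Admins` as CollectionConfig from 'payload'.
type Role = 'super-admin' | 'editor';
type User = { id: string; roles?: Role[] } | null;
type AccessArgs = { req: { user: User }; id?: string };
type Access = (args: AccessArgs) => boolean;

// Hypothetical helper: true only when a logged-in user holds one of `allowed`.
// No user, or a user without a roles array, is denied (fail closed).
const hasRole = (allowed: Role[]): Access => ({ req: { user } }) =>
  Boolean(user?.roles?.some((role) => allowed.includes(role)));

const superAdminOnly = hasRole(['super-admin']);
const anyStaff = hasRole(['super-admin', 'editor']);
// Super-admins may edit any account; everyone else only their own document.
const superAdminOrSelf: Access = (args) =>
  superAdminOnly(args) || (args.req.user !== null && args.req.user.id === args.id);

const rolesField = {
  name: 'roles',
  type: 'select',
  hasMany: true,
  required: true,
  defaultValue: ['editor'], // least privilege for new accounts
  options: ['super-admin', 'editor'],
  // Field-level access: without it, an editor updating their own account
  // could add 'super-admin' to their own roles.
  access: { create: superAdminOnly, update: superAdminOnly },
};

const Admins = {
  slug: 'admins',
  auth: true,
  access: {
    admin: anyStaff, // who may enter the Admin Panel at all
    create: superAdminOnly,
    read: anyStaff,
    update: superAdminOrSelf,
    delete: superAdminOnly,
    unlock: superAdminOnly,
  },
  fields: [rolesField],
};
```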
