← Back to Features
04

Role-Based Access Control

Assign an access mode to any document at write time. VividEcho enforces visibility and modification rules on every subsequent read and write — no middleware to wire up, no permission checks to write. Access is decided per record, at the moment you create or update it, using the x-access header.

The four access levels

Every document carries one of four access levels, each controlling who can read it and who can change or delete it.

Access levelWho can read itWho can change or delete it
privateOnly the user who created itOnly the user who created it
publicAny signed-in userAny signed-in user
readonlyAny signed-in userOnly the user who created it
readanonymousAnyone, including signed-out visitorsOnly the user who created it

private is the safe default for personal data. readonly suits shared reference data that everyone signed in should see but only the author should edit. readanonymous extends that same read access to signed-out visitors, but only has an effect on applications running in B2C mode with anonymous access allowed. public is fully shared in both directions, so it's worth using deliberately.

What happens if you don't set it

Setting x-access is optional. If you leave it off, VividEcho applies a sensible default: brand-new records are created as private, and updating an existing record without specifying an access level simply preserves whatever access level it already had, rather than resetting it.

# Set at write time via header
x-access: private ← only you
x-access: readonly ← all can read
x-access: public ← all can write

← Back to Features