CMS: About Collection Permissions

In the CMS (Content Management System), you can change your collection permissions to control who can view, add, update, or delete collection content on your live site. The most common way visitors modify collection content from the live site is with input elements set to collect content. 

Collection permissions help you manage live site access to your collection content and maintain the security of your site's data. For example, if you run an online community, you might want to allow only registered members to view and contribute to certain collections, ensuring that sensitive information stays within your trusted user base.

Collection permissions determine who can access CMS collection content from your live site and what they can do with the content (e.g. view, add items, update existing content, delete content). Usually, this is done with input elements but can also be done with the Data API. Collaborators are always considered 'admins' in collection permissions that control what people can do from the live site.

Learn how to change your collection permissions from the collection settings. 

The 'Show content' permission allows your collection content to be viewable on the live site by site visitors. This setting is useful when you want to make certain information publicly accessible without allowing any modifications. You can choose to make the content viewable by everyone, or restrict it to site members only. This ensures that sensitive content remains protected while still being accessible to those who need it.

It's important to note that depending on the permissions you apply, the collection content can still be accessed if it doesn't appear on your live site. For example, if "Everyone" is selected under "Who can view this content", then anyone can use the Data API to view the collection content. 

The 'Collect content' permission lets visitors add new items to your collection through input elements or API. This is particularly useful for sites that gather user-generated content, such as reviews, comments, or posts. However, this permission does not allow visitors to update existing items or their field values. Use custom permissions if you need to allow existing items or their field values to be updated from the live site. 

You can decide whether any site visitor or only site members can add new content to the collection. Additionally, you can control who can view the added content, ensuring that it meets your site's privacy and security standards.

Dataset settings impact the actions that can be taken on the page, but only collection permissions can actually limit operations that can be performed on data by various roles. Learn more about configuring dataset settings. 

For more control over who can view, add, update, or delete content, set 'Custom' permissions. This allows you to tailor access based on different roles, such as site admins, item creators, members, and general site visitors. For instance, you might allow only admins to delete content, while letting item creators update their own submissions. This flexibility ensures that you can manage your collection content in a way that aligns with your site's specific needs and security requirements.

When using custom permissions, make sure that the permissions you assign match the business logic and the confidentiality classification of the data in the collection. For example, collections with details about customers or business leads should be treated differently than collections about products.

Understanding and managing permissions for all your collections is crucial for maintaining the integrity and security of your site. Each collection can have its own set of permissions, allowing you to customize access based on the type of content and the intended audience. By regularly reviewing and adjusting these permissions, you can ensure that your site's data remains secure and that users have the appropriate level of access.

The roles you see in the custom permissions table are assigned to live site visitors based on their activity and status on the site. CMS roles you assign to collaborators do not matter in collection permissions as all collaborators are considered admins in regards to collection permissions on the live site. 

However, with Velo, you can implement a custom role on a collection by using code to make a data call from the backend with the suppressAuth option. The data call should be made after the membership custom role is validated with the wix-users API functionality in the code. 

The admin always retains permissions for all actions. When you preview your site, you do so in the admin role. To interact as another type of user, first publish your site and then navigate to your live site and either log in as a different user (site member) or not log in at all (anyone). Remember that, if sandbox collections are enabled on your site, your live site works with the live collections and not with the sandbox collections.

When interacting with your collections using the Data API, you can choose to bypass the permissions model in certain cases. The optional WixDataOptions argument can be sent to the API function call with the suppressAuth property set to true. This will cause the function to run without checking if the current user has the correct permissions. You can only bypass permissions when making API calls from backend code. Client-side API calls will always run permission checks, regardless of what options are passed.

For example, a collection may contain comments as well as the email address of the comment creator. Visitors should be able to view the comments, however only the admin should be able to view the email addresses. The authorization suppression can enable the visitors to view the comments without granting visitors the permission to 'read' the comments collection.

This can be done by writing a web module in a .jsw file in the backend that will call the comments collection with the suppressAuth property set to true and then filter out the response and return only the desired fields (comments) to the client for the visitor to view, without the other fields of the collection, specifically without the emails.

Another example for the use of suppressAuth, is where you want to allow a custom role (a specific site member or a specific group of site members) access to a collection that is set with admin permissions. In this case, the web module must check the identity or the role of the site member before calling for the data.