Permissions

Permissions define what an authenticated user can do with Liveblocks resources such as rooms, comments, and feeds.

With ID tokens, permissions live on the room and Liveblocks checks them when a user connects. With access tokens, you grant permissions when you prepare a session.

Permission format

A user’s access to a room is defined by a list of permissions.

Each permission uses the format resource:scope. The resource can be * for the whole room, with read or write scope. Specific resources such as storage, comments, and feeds can use read, write, or none.

Base permissions

By setting the permission for the resource *, you define the base scope for all the resources of the room. You can choose between read or write access:

• *:read → the user will have read access to everything in the room.
• *:write → the user will have write access to everything in the room.

More granular permissions

You can opt into or opt out of access to specific room resources:

• Storage with storage:read, storage:write, or storage:none.
• Comments with comments:read, comments:write, or comments:none.
• Feeds with feeds:read, feeds:write, or feeds:none.

Here’s an example giving write access to everything except read-only access to storage:

[  "*:write",  "storage:read", // Lower storage access from write to read];

Here’s an example giving read access to everything, except write access to comments and no access to feeds:

[  "*:read",  "comments:write", // Raise comments access to write  "feeds:none", // Remove access to feeds];

List of all permissions

Where to use permissions

With ID tokens, use permissions in defaultAccesses, groupsAccesses, and usersAccesses when you create or update rooms. With access tokens, use permissions when you allow access to rooms in an authentication endpoint.