Migration Rest Portal

Build Apps

Go Headless

Client

API Preview

Develop Websites

REST

# Velo: About Web Module Permissions

<div style="background: #D9F4F4; border: 1px solid #B3E9E8; border-radius: 6px; padding: 7px 17px 7px 17px; width: max-content; margin-top: 5px; margin-bottom: 5px;">Visit the <a style="text-decoration: color: #3197EF;" href="https://www.wix.com/velo" target="_blank">Velo by Wix website</a> to onboard and continue learning.</div>

>**Note:** 
> You should have already learned about [Web Modules](https://support.wix.com/en/article/calling-server-side-code-from-the-front-end-with-web-modules) before reading this article.

Web Module permissions allow you to control which users can work with functionality in your site that depends on your Web Module functions. 

Setting Web Module permissions allows you to ensure that no one can access or use your backend code in ways that you didn't intend, either through your site's functionality or using a browser's developer tools.

#### Web Module permissions example

The following example shows how backend functions with added permissions can only be called by certain types of site visitors.

This example was created using the following code:

```javascript
import { helloAnyone, helloMember, helloAdmin } from 'backend/helloModule';

$w.onReady(function () {
    $w('#anyoneButton').onClick(async () => {
        try{
            $w('#responseText').text = await helloAnyone();
            setupGoodResponse();
        }
        catch {
            $w('#errorText').text = 'Backend call failed. Are you sure you are an anyone?';
            setupBadResponse();
        }
    });

 $w('#memberButton').onClick(async () => {
        try{
            $w('#responseText').text = await helloMember();
            setupGoodResponse();
        }
        catch {
            $w('#errorText').text = 'Backend call failed. Are you logged in?';
            setupBadResponse();
        }
    });

 $w('#adminButton').onClick(async () => {
        try{
            $w('#responseText').text = await helloAdmin();
            setupGoodResponse();
        }
        catch {
            $w('#errorText').text = 'Backend call failed. Are you sure you\'re the admin?';
            setupBadResponse();
        }
    });
});

function setupGoodResponse() {
    $w('#errorText').hide();
    $w('#responseText').show();
}

function setupBadResponse() {
    $w('#errorText').show();
    $w('#responseText').hide();
}
```

You can experiment with this example for yourself on our [Hello Web Modules](https://www.wix.com/velo/example/hello-web-modules) example page.

#### To set Web Module permissions

1.  Hover over your Web Module, click the settings icon ![](https://d2x3xhvgiqkx42.cloudfront.net/12345678-1234-1234-1234-1234567890ab/11e10e4f-b84d-4136-a5a9-6109fab0b7d7/2017/07/20/f54ab26f-9827-463c-b57e-46c5a476866d.png) , and select Edit Web Module Permissions.
2.  The Web Module Permissions panel opens, which displays each exported function in your Web Module. Functions that are not exported are not listed.

<div style="text-align:center">

![](https://d2x3xhvgiqkx42.cloudfront.net/12345678-1234-1234-1234-1234567890ab/11e10e4f-b84d-4136-a5a9-6109fab0b7d7/2017/07/20/70c36558-01ea-499c-97ce-958c16d280c5.jpg)

</div>

1.  Click the dropdown next to each function to define its permissions. The choices are:

*   Admin. The administrator of the site.
*   Site member. Anyone who has logged in to the site.
*   Anyone. Anyone visiting the site.

<blockquote class="warning">

**Note:** 
By default, permissions are granted to Anyone for all the functions in your Web Module.

</blockquote>