About the Data Permissions API

Warning: Wix Data APIs currently require the site’s code editor (Dev mode) to be enabled. For this reason, we recommend against using these APIs for building Wix CLI apps and self-hosted apps, as the apps may be installed on sites where Dev mode isn’t enabled. For Headless development, you can use the APIs without any restrictions.

The Data Permissions API manages access control for data collections, allowing you to determine who can perform actions on collection items. You can set collection-level permissions for each action, or grant special permissions to specific Wix users or roles.

With the Data Permissions API, you can:

Update collection-level permissions for item actions.
Add special permissions for specific Wix users or roles.
Retrieve the current permissions configuration for a collection.
Check the current user's permissions for a collection.

Learn more about collection permissions.

Permission types

The Data Permissions API lets you manage 2 types of permissions:

Collection-level permissions

Every data collection has a default set of permissions that specify the minimum user role required to perform an action on a collection item. To perform an action, the user must have the specified role or higher.

Special permissions

You can add special permissions to specific users or roles that override collection-level permissions. Special permissions allow Wix users or roles to perform actions on collection items that they otherwise can't perform.

Note: When you remove special permissions from a Wix user or role, collection-level permissions apply instead.

User roles

User roles serve as access levels that define which actions users can perform on collection items. Roles are hierarchical, so users with a particular role can also perform actions that require lower-access roles.

The following roles are listed by their access level in descending order:

PRIVILEGED: Only site administrators and users with special permissions can perform the action.
CMS_EDITOR: Wix users with CMS roles can perform the action.
SITE_MEMBER_AUTHOR: Wix users must be logged-in members to perform the action, but they can only access items that they created.
SITE_MEMBER: Wix users must be logged in to perform the action. This role includes site members and collaborators.
ANYONE: Any site visitor can perform the action, including site visitors.

For example, users who can perform actions restricted to a CMS_EDITOR role can also perform actions that require the SITE_MEMBER_AUTHOR, SITE_MEMBER, ANYONE roles.

Item actions

You can allow or restrict Wix users from performing the following actions on collection items:

Item read: View items in the collection.
Item insert: Create new items in the collection.
Item update: Update existing items in the collection.
Item remove: Remove items from the collection.

Before you begin

It's important to note the following before starting to code:

The site must have a data collection to update permissions for.
You can only manage permissions for collections created in the CMS or with the Data Collections API. You can't configure permissions for Wix app collections, shared collections, or external collections.