elevate( )

Allows a site visitor to call a function without the required permissions.

Warning: The elevate() function enables site visitors to call functions without the required permissions. Exercise caution when using this function to prevent security vulnerabilities.

The elevate() function receives a function requiring permissions and returns an instance of the same function that any site visitor can run.

Some functions require specific roles and permissions to run. Other functions may limit functionality depending on the the visitor's roles and permissions. Using elevate() bypasses the permissions by elevating the site visitor's permissions to the highest level.

For example, the wix-bookings-backend function confirmBooking() requires Bookings Admin permissions. Use elevate() to allow any visitor to run confirmBooking().



  • The elevate() function can only be used in the backend.
  • Some functions have a suppressAuth option for overriding permissions. For these functions, use suppressAuth instead of elevate(). Check your function's reference documentation to see whether suppressAuth or elevate() is supported.
Method Declaration
Method Parameters

Function of which to create an instance with elevated permissions.

Return Type:Function
Was this helpful?