Permissions
Last updated
Was this helpful?
Last updated
Was this helpful?
Advanced data permissions is built into the core of the Verida storage architecture, providing for many different ways data can be secured:
Private data: Only the user can read and write (ie: Birth certificate document)
Public read and write: Any user can read and write data (ie: Public comment thread)
Public read and restricted write: Only the user can write, but the public can read data (ie: Public blog)
Restricted read and restricted write: Only an approved list of users can read and write (ie: Private group chat)
All non-public data is encrypted using keys only accessible by the user(s) who have access to that particular data.
When a database / datastore is created, you specify the read
and write
permissions, out of a possible 3 options:
public
— Everyone has permission
users
— Only the specific list of users have permission
owner
— Only the owner has permission
Here are some real world examples:
For private health data, set read=owner
, write=owner
so the data is completely private.
For a public comment thread, set read=public
, write=public
so anyone can read and write comments.
For a public blog post, set read=public
, write=owner
so the blog owner can publish new posts and the public can read them.
For a private group chat, set read=users
, write=users
so only a pre-determined set of users can read from and write to the group chat.
By default, if no permissions are specified, the default permissions are set as read=owner
, write=owner
.
Permissions are specified when opening a database
or datastore
:
When specifying the users
permission type, you must also specify the list of valid user DID’s with userList
: