Permissions are attached directly to a Role, and define what data that Role's Users can create, read, update, and delete within the platform.
Directus includes an extremely granular, filter-based permissions system for controlling access. There are several layers to this access control, including:
- Collection — The Collection scope of this permission
- Action — Create, Read, Update, or Delete
- Item Permissions — Filters actionable Items using Filter Rules
- Field Permissions — Toggles which fields can be accessed
- Validation — Filters Item values using Filter Rules
- Presets — Controls the default values for the action
- Limit — Sets a maximum number of items that are actionable
There are also other access control features that are tied directly to the Role. These include:
- IP Access — Restricts user access based on IP Address
- App Access — Restricts user access to the App
- Admin Access — Enables Settings and unrestricted user access
For example, you could set the permissions so that a user can only Update (Action) the Title, Body, Date Published, and Category (Field Permissions) within Articles (Collection) that they created and that are still unpublished (Item Permissions), one item at a time (Limit), and only while they are at the NYC office (IP Access). Additionally, the default Category will be "Opinion" (Preset), and the Date Published must be in the future (Validation).
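The scenario above, written as an added example (a simplified model, not Directus source code) that shows how the layers combine and which layer rejects a request. The operators `_and`, `_eq`, `_neq`, `_gt` and the variables `$CURRENT_USER` and `$NOW` follow Directus filter-rule syntax; the field keys, the `limit` key, the office IP address and the order of the checks are assumptions made for this model.

```javascript
// Added illustration: a simplified model of the layered checks, not Directus code.
// Assumed names: the field keys, the `limit` key, and the 203.0.113.10 office IP.
const role = { ip_access: ["203.0.113.10"] };
const permission = {
  collection: "articles",
  action: "update",
  permissions: { _and: [{ user_created: { _eq: "$CURRENT_USER" } }, { status: { _neq: "published" } }] },
  fields: ["title", "body", "date_published", "category"],
  validation: { date_published: { _gt: "$NOW" } },
  presets: { category: "Opinion" },
  limit: 1,
};
function deny(reason) { return { allowed: false, reason }; }

// Resolve dynamic variables, then apply one comparison operator.
function compare(value, op, operand, ctx) {
  const rhs = operand === "$CURRENT_USER" ? ctx.user
            : operand === "$NOW" ? ctx.now : operand;
  if (op === "_eq") return value === rhs;
  if (op === "_neq") return value !== rhs;
  if (op === "_gt") return value > rhs; // same-format UTC ISO-8601 strings sort by time
  throw new Error(`unsupported operator ${op}`);
}

// Evaluate a filter rule against one item (or one payload).
function matches(rule, item, ctx) {
  if (rule._and) return rule._and.every((r) => matches(r, item, ctx));
  return Object.entries(rule).every(([field, cond]) =>
    Object.entries(cond).every(([op, v]) => compare(item[field], op, v, ctx)));
}

// Walk the layers in turn; the first failing layer names the denial.
function authorize(req, ctx) {
  const p = permission;
  if (!role.ip_access.includes(ctx.ip)) return deny("ip_access");
  if (req.collection !== p.collection || req.action !== p.action) return deny("action");
  if (req.items.length > p.limit) return deny("limit");
  if (!req.items.every((i) => matches(p.permissions, i, ctx))) return deny("item");
  if (!Object.keys(req.payload).every((f) => p.fields.includes(f))) return deny("fields");
  const payload = { ...p.presets, ...req.payload }; // presets only fill in defaults
  // Simplification: every validated field must be present in the payload.
  if (!matches(p.validation, payload, ctx)) return deny("validation");
  return { allowed: true, payload };
}

// Constructed sample: user u1 updates their own draft from the office IP.
const sampleCtx = { user: "u1", ip: "203.0.113.10", now: "2024-01-01T00:00:00Z" };
const sampleReq = { collection: "articles", action: "update",
  items: [{ user_created: "u1", status: "draft" }],
  payload: { title: "Draft", date_published: "2024-02-01T00:00:00Z" } };
```

Calling `authorize(sampleReq, sampleCtx)` returns the payload with the preset Category filled in; changing any single layer's input (IP, item owner or status, an extra field, a second item, a past date) returns a denial naming that layer.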