Access Control on a per-document or per-collection basis


We are looking ahead to some new features and I wanted to see if there was an established path for access control.

My client offers multiple software products. We want to restrict access to specific Prismic documents (os r better yet, collections) depending on if the user holds a valid license.

Has anyone found success with this sort of functionality? Are there any features native to Prismic that enables this without client-side checks?

1 Like

Hi @shawn.rice, thanks for reaching out about this. Prismic doesn’t have any sort of native features for this sort of thing. This is something that will need to be handled in your website application.

What you could do in Prismic is use a Select field or a Select field in a Group for your content authors to choose the group of users that have access to a given document. Then in your website app you could look to see which users have been selected and do the validation check from there.

I’m also interested, though, to see what others out there have done to achieve this :slightly_smiling_face:

Talked to the team and our access control needs are pretty robust and we are fairly certain that we will need to pass requests through a node server to ensure the user has the appropriate permissions before making any queries.

But our content team loves the Prismic Toolbar.

I can tell that it’s an iframe but am otherwise pretty lost as to how it’s receiving data. Is there any visibility into that? Any known methods to feed data into it?

@shawn.rice I’m sorry, I think I’m a bit lost now. How does the Prismic Toolbar fit into this? What is it you would like to do / pass into the toolbar?

Apologies. I have now realized that the graphQL layer does not interfere completely with the toolbar’s ability to function.

I have a different question on that but will address it in a different topic for visibility’s sake.