ObjectStack

Permission

Permission protocol schemas

Entity (Object) Level Permissions

Defines CRUD + VAMA (View All / Modify All) + Lifecycle access.

Refined with enterprise data lifecycle controls:

  • Transfer (Ownership change)

  • Restore (Soft delete recovery)

  • Purge (Hard delete / Compliance)

Source: packages/spec/src/security/permission.zod.ts

TypeScript Usage

```typescript
// A single import brings in both the runtime schemas and their inferred types.
import { FieldPermission, ObjectPermission, PermissionSet } from '@objectstack/spec/security';

// Validate data (parse throws if the input does not match the schema)
const data: unknown = { readable: true, editable: false };
const result = FieldPermission.parse(data);
```

FieldPermission

Properties

| Property | Type | Required | Description |
| --- | --- | --- | --- |
| readable | boolean | | Field read access |
| editable | boolean | | Field edit access |

ObjectPermission

Properties

| Property | Type | Required | Description |
| --- | --- | --- | --- |
| allowCreate | boolean | | Create permission |
| allowRead | boolean | | Read permission |
| allowEdit | boolean | | Edit permission |
| allowDelete | boolean | | Delete permission |
| allowTransfer | boolean | | Change record ownership |
| allowRestore | boolean | | Restore from trash (Undelete) |
| allowPurge | boolean | | Permanently delete (Hard Delete/GDPR) |
| viewAllRecords | boolean | | View All Data (Bypass Sharing) |
| modifyAllRecords | boolean | | Modify All Data (Bypass Sharing) |

PermissionSet

Properties

| Property | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | | Permission set unique name (lowercase snake_case) |
| label | string | optional | Display label |
| isProfile | boolean | | Whether this is a user profile |
| objects | Record<string, Object> | | Entity permissions |
| fields | Record<string, Object> | optional | Field level security |
| systemPermissions | string[] | optional | System level capabilities |
| tabPermissions | `Record<string, Enum<'visible' \| 'hidden' \| 'default_on' \| 'default_off'>>` | optional | App/tab visibility: visible, hidden, default_on (shown by default), default_off (available but hidden initially) |
| rowLevelSecurity | Object[] | optional | Row-level security policies (see rls.zod.ts for full spec) |
| contextVariables | Record<string, any> | optional | Context variables for RLS evaluation |
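
A least-privilege review of a permission set, as an added example that is not part of the ObjectStack spec or its documentation: it flags the grants the tables above describe as bypassing sharing or hard-deleting data, plus inconsistent combinations. The interfaces are hand-copied from the tables rather than imported, and `auditPermissionSet`, the sample data and the `object.field` key format are assumptions.

```typescript
// Added example: shapes hand-copied from the tables above; auditPermissionSet is hypothetical.
interface FieldPermission { readable: boolean; editable: boolean }
interface ObjectPermission {
  allowCreate: boolean; allowRead: boolean; allowEdit: boolean; allowDelete: boolean;
  allowTransfer: boolean; allowRestore: boolean; allowPurge: boolean;
  viewAllRecords: boolean; modifyAllRecords: boolean;
}
interface PermissionSet {
  name: string; isProfile: boolean;
  objects: Record<string, ObjectPermission>;
  fields?: Record<string, FieldPermission>;
}

function auditPermissionSet(ps: PermissionSet): string[] {
  const findings: string[] = [];
  // The PermissionSet table requires a lowercase snake_case name.
  if (!/^[a-z][a-z0-9]*(_[a-z0-9]+)*$/.test(ps.name)) findings.push(`name "${ps.name}" is not lowercase snake_case`);
  for (const obj of Object.keys(ps.objects)) {
    const p = ps.objects[obj];
    // Grants that bypass sharing or destroy data deserve explicit review.
    if (p.viewAllRecords) findings.push(`${obj}: viewAllRecords bypasses sharing`);
    if (p.modifyAllRecords) findings.push(`${obj}: modifyAllRecords bypasses sharing`);
    if (p.allowPurge) findings.push(`${obj}: allowPurge permits hard delete`);
    // Heuristic (assumption): write-type grants with no read grant are likely a mistake.
    const writes = p.allowEdit || p.allowDelete || p.allowTransfer || p.allowRestore
      || p.allowPurge || p.modifyAllRecords;
    if (writes && !p.allowRead && !p.viewAllRecords) findings.push(`${obj}: write access without read`);
  }
  const fields = ps.fields || {};
  for (const field of Object.keys(fields)) {
    const f = fields[field];
    if (f.editable && !f.readable) findings.push(`${field}: editable but not readable`);
  }
  return findings;
}

// Constructed sample input; the "object.field" key format is an assumption.
const noAccess: ObjectPermission = {
  allowCreate: false, allowRead: false, allowEdit: false, allowDelete: false,
  allowTransfer: false, allowRestore: false, allowPurge: false,
  viewAllRecords: false, modifyAllRecords: false,
};
const samplePermissionSet: PermissionSet = {
  name: 'Support-Agent', isProfile: false,
  objects: {
    account: { ...noAccess, allowRead: true, allowEdit: true },
    ticket: { ...noAccess, allowEdit: true, allowPurge: true, modifyAllRecords: true },
  },
  fields: { 'account.ssn': { readable: false, editable: true } },
};
console.log(auditPermissionSet(samplePermissionSet));
```

Running such a check in CI over every permission set definition makes bypass-sharing and purge grants visible in review before they ship.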
