---
title: Field-level Access Control
label: Fields
order: 30
desc: Field-level Access Control is specified within a field's config, and allows you to define which users can create, read or update Fields.
keywords: fields, access control, permissions, documentation, Content Management System, cms, headless, javascript, node, react, express
---

Field Access Control is specified with functions inside a field's config. All field-level Controls return a boolean value to allow or deny access for the specified operation. No field-level Access Controls support returning query constraints. All Access Control functions accept one `args` argument.

## Available Controls

| Function                 | Purpose |
| ------------------------ | ------- |
| **[`create`](#create)**  | Allows or denies the ability to set a field's value when creating a new document |
| **[`read`](#read)**      | Allows or denies the ability to read a field's value |
| **[`update`](#update)**  | Allows or denies the ability to update a field's value |

**Example Collection config:**
```js
export default {
  slug: 'posts',
  fields: [
    {
      name: 'title',
      label: 'Title',
      type: 'text',
      // highlight-start
      access: {
        create: ({ req: { user } }) => { ... },
        read: ({ req: { user } }) => { ... },
        update: ({ req: { user } }) => { ... },
      },
      // highlight-end
    };
  ],
}
```

### Create

Returns a boolean which allows or denies the ability to set a field's value when creating a new document. If `false` is returned, any passed values will be discarded.

**Available argument properties:**

| Option    | Description |
| --------- | ----------- |
| **`req`** | The Express `request` object containing the currently authenticated `user` |

### Read

Returns a boolean which allows or denies the ability to read a field's value. If `false`, the entire property is omitted from the resulting document.

**Available argument properties:**

| Option    | Description |
| --------- | ----------- |
| **`req`** | The Express `request` object containing the currently authenticated `user` |
| **`id`**  | `id` of the document being read |

### Update

Returns a boolean which allows or denies the ability to update a field's value. If `false` is returned, any passed values will be discarded.

**Available argument properties:**

| Option    | Description |
| --------- | ----------- |
| **`req`** | The Express `request` object containing the currently authenticated `user` |
| **`id`**  | `id` of the document being updated |