---
title: Globals Access Control
label: Globals
order: 40
---

You can define Global-level Access Control within each Global's `access` property. All Access Control functions accept one `args` argument.

**Available argument properties:

## Available Controls

| Function                 | Allows/Denies Access |
| ------------------------ | -------------------- |
| **[`read`](#read)**      | Used in the `findOne` Global operation |
| **[`update`](#update)**  | Used in the `update` Global operation |

**Example Global config:**
```js
export default {
  slug: "header",
  // highlight-start
  access: {
    read: ({ req: { user } }) => { ... },
    update: ({ req: { user } }) => { ... },
  },
  // highlight-end
};
```

### Read

Returns a boolean result to allow or deny a user's ability to read the Global.

**Available argument properties:**

| Option    | Description |
| --------- | ----------- |
| **`req`** | The Express `request` object containing the currently authenticated `user` |

### Update

Returns a boolean result to allow or deny a user's ability to update the Global.

**Available argument properties:**

| Option    | Description |
| --------- | ----------- |
| **`req`** | The Express `request` object containing the currently authenticated `user` |