Collection Access

Collection access controls are essential for security because when you connect a Collection to your website — whether as a form, a Collection Page, or a block — the underlying API is exposed.

The Two Primary Settings

View Access determines who can read entries, while Submit Access controls who can create or update them. Both start as None (fully private).

Four access level options exist:

• None — Team-only dashboard access

• Public — Internet access without authentication required

• Members — Logged-in site users exclusively

• Own entries — Users can only view or edit their own creations

Implementation Guidance

For Public Display

Collection Pages and Blocks require View Access set to “Public” or data won’t load due to blocked API calls.

For Submission Forms

The system automatically configures Submit Access as “Public” during form creation, requiring no manual adjustment. However, disabling the form should prompt resetting Submit Access to “None.”

For Restricted Areas

Members-only spaces use either “Members” or “Own entries” depending on whether users should access all data or only their own.

Field-Level Privacy

Individual fields can have custom View Access restrictions separate from Collection-level settings, protecting sensitive information like costs or internal notes while keeping the Collection public. Restricted fields display badges in the schema editor.

Quick Reference