multiRole
Update collection permissions for a role
Update collection-specific permissions for a role in a project. Accepts BearerToken (JWT) or ApiKeyAuth (X-API-Key).
PATCH
/api/projects/{projectId}/multi-role/roles/{roleSlug}/collections/{collectionId}/permissionsAuthentication
Requires JWT
Note
Include your JWT in the
Authorization: Bearer YOUR_TOKEN header (user-facing apps, RBAC). View authentication guide →Path Parameters
| Name | Type | Required | Description |
|---|---|---|---|
projectId | string | Yes | Project ID. |
roleSlug | string | Yes | Role slug (e.g. starter `customer` or a role you added). |
collectionId | string | Yes | Collection ID to set permissions for. |
Request Body
Allowed actions and optional conditions for the role on this collection.
json
{
"actions": [
"create",
"read",
"update",
"delete"
],
"conditions": {
"status": "active"
},
"dataScope": "own",
"ownerField": "firewall compress"
}{
"actions": [
"create",
"read",
"update",
"delete"
],
"conditions": {
"status": "active"
},
"dataScope": "own",
"ownerField": "firewall compress"
}SDK setup
Create a client and set credentials (JWT and/or API key) before calling the API. Match the authentication type shown above.
import { MudbaseClient } from "mudbase";
const client = new MudbaseClient();
client.setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c3JfbW9yZ2FuX2RlIiwiZW1haWwiOiJtb3JnYW4uY2hlbkBub3J0aHdpbmQuZGV2IiwiZXhwIjoxODI1MTI5NjAwfQ.doc_preview_sig");import { MudbaseClient } from "mudbase";
const client = new MudbaseClient();
client.setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c3JfbW9yZ2FuX2RlIiwiZW1haWwiOiJtb3JnYW4uY2hlbkBub3J0aHdpbmQuZGV2IiwiZXhwIjoxODI1MTI5NjAwfQ.doc_preview_sig");Example request
Call this endpoint using the client from SDK setup. Use View HTTP for a raw cURL example.
const result = await client.multiRole.updateCollectionPermissions({
projectId: "proj_CgtXYGoOSGrx",
roleSlug: "mysterious-dead-7mf3",
collectionId: "fl0s5W6SzjZDLEBU",
actions: "protocol override",
conditions: "interface compress",
dataScope: "transmitter hack",
ownerField: "interface transmit"
});const result = await client.multiRole.updateCollectionPermissions({
projectId: "proj_CgtXYGoOSGrx",
roleSlug: "mysterious-dead-7mf3",
collectionId: "fl0s5W6SzjZDLEBU",
actions: "protocol override",
conditions: "interface compress",
dataScope: "transmitter hack",
ownerField: "interface transmit"
});Try It Live
Test this endpoint with your own credentials. Your requests will be sent to the live API.
Use the auth endpoints to obtain a JWT.
No Request Yet
Send a request to see the full inspector
Responses
200Collection permissions updated
json
{
"success": true,
"message": "Collection permissions updated",
"data": {
"slug": "customer",
"name": "Customer",
"description": "Default app user role. Edit name/slug and assign create/read/update/delete per collection after you add schemas.",
"isEnabled": true,
"isCustom": true,
"signupEndpoint": "customer",
"requiresApproval": false,
"requiresPayment": false,
"requiresKYC": false,
"defaultPermissions": [],
"collectionPermissions": [
{
"collectionId": "696ba6e4f4a9422ac4be4f74",
"collectionSlug": "posts",
"actions": [
"create",
"read",
"update",
"delete"
],
"conditions": {
"status": "active"
}
}
]
}
}{
"success": true,
"message": "Collection permissions updated",
"data": {
"slug": "customer",
"name": "Customer",
"description": "Default app user role. Edit name/slug and assign create/read/update/delete per collection after you add schemas.",
"isEnabled": true,
"isCustom": true,
"signupEndpoint": "customer",
"requiresApproval": false,
"requiresPayment": false,
"requiresKYC": false,
"defaultPermissions": [],
"collectionPermissions": [
{
"collectionId": "696ba6e4f4a9422ac4be4f74",
"collectionSlug": "posts",
"actions": [
"create",
"read",
"update",
"delete"
],
"conditions": {
"status": "active"
}
}
]
}
}400Bad request or validation error.
401Authentication required or invalid token.
403Access denied or insufficient permissions.
Errors
| Code | Meaning |
|---|---|
400 | Bad request or validation error. |
401 | Authentication required or invalid token. |
403 | Access denied or insufficient permissions. |