WOLFRAM

Wolfram Language & System Documentation Center

Permissions

is an option for CloudObject and related cloud functions that specifies permissions for classes of users to access or perform operations.

Details
Details and Options Details and Options
Examples  
Basic Examples  
Scope  
All  
Authenticated  
Specific Users  
Permissions Group  
Permissions Constraints  
Multiple Users Classes  
Applications  
Possible Issues  
See Also
Related Guides
Related Workflows
History
Cite this Page

Permissions

Permissions

is an option for CloudObject and related cloud functions that specifies permissions for classes of users to access or perform operations.

Details

  • Possible settings include:
  • "Public"accessible for primary action by anyone
    "Private"private to the owner
    "unixstring"permissions for everyone specified in Unix string format
    {class1->per1,class2->per2,}different permissions specified for different classes of users or requests
  • The setting "Public" allows execution of APIFunction, FormFunction, and related constructs. It allows reading and interaction for notebook and CDF objects. For other objects, it allows reading only.
  • Possible classes of users or requesters include:
  • Alleveryone
    "Authenticated"everyone signed in as a cloud user
    "Owner"owner of the object
    {user1,user2,}an explicit list of users
    PermissionsGroup["name"]users in a permissions group
    PermissionsKey["key"]requesters with a valid permissions key
    <|"prop1"val1,"prop2"val2,|>requesters for which the propi match vali
  • Users can be referenced by their cloud user IDs, $UserURLBase names, or cloud user UUID strings of the form "user-uuid".
  • Possible elements in the association to define requesters include:
  • "CloudUserID"formcloud user ID of the requesting user conforms to form
    "GeoLocationCountry"forminferred country of origin conforms to form
    "StartDate"datecurrent date is after the specified date
    "EndDate"datecurrent date is before the specified date
  • Dates are specified using DateObject. Countries are specified as Entity objects, or by their standard names (e.g. "UnitedStates").
  • For "CloudUserID" and "GeoLocationCountry", the following can be used:
  • "prop"valueallow only the specified value
    "prop"{value1,value2,}allow any of the valuei
    "prop""Disallow"{value1,}disallow any of the valuei
    "prop"<|"Allow"aval,"Disallow"dval|>allow the values aval; disallow the dval
  • Values for "CloudUserID" can be given as string patterns that include the wildcard character *.
  • Permissions allowed for particular classes of users are specified by giving lists of capabilities.
  • Core file-related capabilities include:
  • "Read"read content from the object
    "Write"write content permanently to the object
    "Execute"execute code in the object (e.g. via a form or API)
    Automaticallow the primary action on the object
    Allallow all actions on the object
  • Core file-related capabilities can also be specified as Unix-like permissions strings of the form "rwx" etc.
  • For APIFunction, FormFunction, and related cloud functions, the primary action associated with Automatic is "Execute". For notebooks, it is "Interact".
  • Additional capabilities related to notebooks include:
  • "Edit"allow editing of the notebook document
    "Save"allow saving of the notebook
    "CellEdit"edit content in existing cells
    "CellCreate"create new cells
    "CellDelete"delete existing cells
    "Evaluate"evaluate code in cells
    "Interact"allow use of interactive content (e.g. Manipulate)
  • "Write" allows arbitrary rewriting of a CloudObject. "Save" only allows writing changes generated by interactions in the notebook view, such as the state of dynamics and manipulates.
  • "Read" and "Write" affect what is permanently stored in a CloudObject.
  • "Edit" allows temporary modification in a notebook view. "Write" is required to allow modifications to be saved permanently.
  • "Write" is possible only for authenticated users.
  • Regardless of the specified permissions, editing of notebooks and evaluation of cells only works in the CloudObjectURLType"Environment" view, not the "Object" view.
  • $Permissions gives the default setting for the Permissions option.

Examples

open all close all

Basic Examples  (5)

Deploy a cloud object that can be accessed by the world:

Wolfram Language code: CloudDeploy[APIFunction[{"n" -> "Integer"}, FactorInteger[#n]&], Permissions -> "Public"]

By default, deployed cloud objects can be accessed only by the owner:

Wolfram Language code: obj = CloudDeploy[APIFunction[{"n" -> "Integer"}, FactorInteger[#n]&]]
Wolfram Language code: Options[obj, Permissions]

Make the object accessible by anyone:

Wolfram Language code: SetOptions[obj, Permissions -> "Public"]
Wolfram Language code: Options[obj, Permissions]

Deploy a 3D contour plot that is only visible to a certain user:

Wolfram Language code: obj = CloudDeploy[ContourPlot3D[x ^ 3 + y ^ 2 - z ^ 2 == 0, {x, -2, 2}, {y, -2, 2}, {z, -2, 2}], Permissions -> "user@wolfram.com" -> {"Read"}]

Allow anyone with a permissions key ("secret") to access a form:

Wolfram Language code: obj = CloudDeploy[FormPage[{"text", "Text:"} -> "String", Classify["Spam", #text]&, AppearanceRules -> "Title" -> "Spam Detector"], Permissions -> {PermissionsKey["secret"] -> {"Execute"}}]

Allow all capabilities to anyone with a wolfram.com cloud user ID:

Wolfram Language code: obj = CloudDeploy[Manipulate[Factor[ToExpression["x"] ^ n + 1], {n, 10, 100, 1}], Permissions -> <|"CloudUserID" -> "*@wolfram.com"|> -> All]

Scope  (15)

All  (1)

Allow anyone to read a notebook:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook is public.", "Text"]}], Permissions -> All -> "Read"]

Authenticated  (1)

Allow anyone who is logged in to read a notebook:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by users who are logged in.", "Text"]}], Permissions -> "Authenticated" -> "Read"]

Users who are not logged in will be prompted to log in.

Specific Users  (1)

Allow a list of users to access a notebook:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by specific users.", "Text"]}], Permissions -> {"user@wolfram.com", "user2@wolfram.com"} -> "Read"]

Grant different permission capabilities to different users:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by specific users.", "Text"]}], Permissions -> {"user@wolfram.com" -> {"Read", "Interact"}, "user2@wolfram.com" -> "Read"}]

Permissions Group  (1)

Create a permissions group and allow its members to access a notebook:

Wolfram Language code: CreatePermissionsGroup["mygroup", {"user@wolfram.com", "user2@wolfram.com"}]; CloudDeploy[Notebook[{Cell["This notebook can be read only by the permissions group members.", "Text"]}], Permissions -> PermissionsGroup["mygroup"] -> "Read"]

Permissions Constraints  (10)

Allow users with a user ID in the example.com domain to read a notebook:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by users with a CloudUserID in the example.com domain.", "Text"]}], Permissions -> <|"CloudUserID" -> "Allow" -> "*@example.com"|> -> {"Read"}]

Grant access based on a wildcard pattern in the user ID:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by example.com users whose name ends in \"-admin\".", "Text"]}], Permissions -> <|"CloudUserID" -> "Allow" -> "*-admin@example.com"|> -> {"Read"}]

Allow anyone except example.com users to access a notebook:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by anyone except example.com users.", "Text"]}], Permissions -> <|"CloudUserID" -> "Disallow" -> "*@example.com"|> -> {"Read"}]

Exclude a user from a pattern:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by example.com users except \"user@example.com\".", "Text"]}], Permissions -> {<|"CloudUserID" -> <|"Allow" -> "*@example.com", "Disallow" -> "user@example.com"|>|> -> {"Read"}}]

Allow users from a specific location to access a notebook:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by users located in Japan.", "Text"]}], Permissions -> <|"GeoLocationCountry" -> "Allow" -> Entity["Country", "Japan"]|> -> {"Read"}]

Allow anyone to access a notebook two days from today:

Wolfram Language code: CloudDeploy[Notebook[{Cell["Anyone can access the notebook.", "Text"]}], Permissions -> {<|"StartDate" -> DatePlus[DateObject[], 2]|> -> {"Read"}}]

Allow anyone to access a notebook until a specific date:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by anyone until 1st of July 2022.", "Text"]}], Permissions -> {<|"EndDate" -> DateObject[{2022, 7, 1}]|> -> {"Read"}}]

Allow anyone to access a notebook for a week starting two days from today:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by anyone for a week.", "Text"]}], Permissions -> {<|"StartDate" -> DatePlus[DateObject[], 2], "EndDate" -> DatePlus[DateObject[], 2] + Quantity[1, "Weeks"]|> -> {"Read"}}]

Allow users with a user ID in the example.com domain to access a notebook until a specific date:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by example.com users until 1st of July 2022.", "Text"]}], Permissions -> {<|"CloudUserID" -> "Allow" -> "*@example.com", "EndDate" -> DateObject[{2022, 7, 1, 1}]|> -> {"Read"}}]

Allow only example.com users from Japan to access a notebook for a week:

Wolfram Language code: CloudDeploy[Notebook[{Cell["This notebook can be read by example.com users located in Japan for a week.", "Text"]}], Permissions -> {<|"CloudUserID" -> "Allow" -> "*@example.com", "GeoLocationCountry" -> "Allow" -> Entity["Country", "Japan"], "EndDate" -> DateObject[] + Quantity[1, "Weeks"]|> -> {"Read"}}]

Multiple Users Classes  (1)

Allow user@wolfram.com to have both "Read" and "Interact" capabilities, accumulated from applicable rules:

Wolfram Language code: CreatePermissionsGroup["mygroup", {"user@wolfram.com", "user2@wolfram.com"}]; CloudDeploy[Notebook[{Cell[BoxData[ToBoxes[Manipulate[Plot3D[Sin[x y + a], {x, 0, 3}, {y, 0, 3}], {a, 0, 1}]]], "Print"]}], Permissions -> {PermissionsGroup["mygroup"] -> "Read", "user@wolfram.com" -> "Interact"}]
Wolfram Language code: CloudDeploy[Notebook[{Cell[BoxData[ToBoxes[Manipulate[Plot3D[Sin[x y + a], {x, 0, 3}, {y, 0, 3}], {a, 0, 1}]]], "Print"]}], Permissions -> {"All" -> "Read", <|"CloudUserID" -> "Allow" -> "*@wolfram.com"|> -> {"Interact"}}]

Applications  (3)

Allow a user to view a notebook:

Wolfram Language code: obj = CloudDeploy[Notebook[{Cell["This is a read only notebook.", "Text"]}], Permissions -> {"user@wolfram.com" -> {"Read"}}]

Deploy a notebook that allows interactions:

Wolfram Language code: obj = CloudDeploy[Notebook[{Cell[BoxData[ToBoxes[Manipulate[Plot3D[Sin[x y + a], {x, 0, 3}, {y, 0, 3}], {a, 0, 1}]]], "Print"]}], Permissions -> {"user@wolfram.com" -> {"Read", "Interact"}}]

Deploy a notebook allowing a user to modify it:

Wolfram Language code: obj = CloudDeploy[Notebook[{Cell["User can modify the notebook.", "Text"]}], Permissions -> {"user@wolfram.com" -> {"Read", "Write"}}]

Editing of notebooks only works in the "Product" view, not the "Deployed" view.

Possible Issues  (2)

None is not a valid Permissions setting:

Wolfram Language code: CloudDeploy[100!, "myprivatenb", Permissions -> None]

You probably want Permissions"Private" instead:

Wolfram Language code: CloudDeploy[100!, "myprivatenb", Permissions -> "Private"]

None is not a valid user specification:

Wolfram Language code: obj = CloudDeploy[100!, "mysharednb", Permissions -> {"jpoeschko@wolfram.com" -> {"Read", "Write"}}]
Wolfram Language code: SetOptions[obj, Permissions -> {None -> "Write"}]

You can reset the permissions for each user class instead:

Wolfram Language code: perms = Options[obj, Permissions]
Wolfram Language code: permsWithoutWrite = Replace[perms, (user_ -> caps_) :> (user -> DeleteCases[caps, "Write"]), {3}]
Wolfram Language code: SetOptions[obj, permsWithoutWrite]

Note that the owner will effectively always retain full permissions:

Wolfram Language code: Options[obj, Permissions]
Wolfram Research (2014), Permissions, Wolfram Language function, https://reference.wolfram.com/language/ref/Permissions.html (updated 2019).

Text

Wolfram Research (2014), Permissions, Wolfram Language function, https://reference.wolfram.com/language/ref/Permissions.html (updated 2019).

CMS

Wolfram Language. 2014. "Permissions." Wolfram Language & System Documentation Center. Wolfram Research. Last Modified 2019. https://reference.wolfram.com/language/ref/Permissions.html.

APA

Wolfram Language. (2014). Permissions. Wolfram Language & System Documentation Center. Retrieved from https://reference.wolfram.com/language/ref/Permissions.html

BibTeX

@misc{reference.wolfram_2026_permissions, author="Wolfram Research", title="{Permissions}", year="2019", howpublished="\url{https://reference.wolfram.com/language/ref/Permissions.html}", note=[Accessed: 12-June-2026]}

BibLaTeX

@online{reference.wolfram_2026_permissions, organization={Wolfram Research}, title={Permissions}, year={2019}, url={https://reference.wolfram.com/language/ref/Permissions.html}, note=[Accessed: 12-June-2026]}