Skip to content

Handling permissions

In Solid, permissions are handled through a standard called Web Access Control (or WAC).

Adding or removing WAC permissions

To add or remove permissions from a Pod, the app can use the PodPermissionsService.

await'pod-permissions.add', {
uri: 'http://localhost:3000/alice/data/eba0227a-3bbb-4582-b879,
agentUri: 'http://localhost:3000/bob',
agentPredicate: 'acl:agent',
mode: 'acl:Read',
actorUri: 'http://localhost:3000/alice'

To give a permission to all users, you should use acl:agentClass for the agentPredicate and for the agentUri.

Creating WAC groups

The PodWacGroupsService allows you to create or delete WAC groups, as well as add or remove members from these groups.

const groupUri = await'pod-wac-groups.create', {
groupSlug: 'my-group',
actorUri: 'http://localhost:3000/alice'
await'pod-wac-groups.addMember', {
memberUri: 'http://localhost:3000/bob',
actorUri: 'http://localhost:3000/alice'

You can then give permissions to the whole group using pod-permissions.add,with acl:agentGroup for the agentPredicate and the URI of the group for the agentUri.