{"id": "changelog:permissions", "page": "changelog", "ref": "permissions", "title": "Permissions", "content": "Datasette also now has a built-in concept of  Permissions . The permissions system answers the following question: \n                 \n                     Is this  actor  allowed to perform this  action , optionally against this particular  resource ? \n                 \n                 You can use the new  \"allow\"  block syntax in  metadata.json  (or  metadata.yaml ) to set required permissions at the instance, database, table or canned query level. For example, to restrict access to the  fixtures.db  database to the  \"root\"  user: \n                 {\n    \"databases\": {\n        \"fixtures\": {\n            \"allow\": {\n                \"id\" \"root\"\n            }\n        }\n    }\n} \n                 See  Defining permissions with \"allow\" blocks  for more details. \n                 Plugins can implement their own custom permission checks using the new  permission_allowed(datasette, actor, action, resource)  hook. \n                 A new debug page at  /-/permissions  shows recent permission checks, to help administrators and plugin authors understand exactly what checks are being performed. This tool defaults to only being available to the root user, but can be exposed to other users by plugins that respond to the  permissions-debug  permission. ( #788 )", "breadcrumbs": "[\"Changelog\", \"0.44 (2020-06-11)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/788\", \"label\": \"#788\"}]"}