Page Contents

Home > @loopback/security > Permission

Permission class

Permission defines an action/access against a protected resource. It’s the what for security.

There are three levels of permissions

  • Resource level (Order, User) - Instance level (Order-0001, User-1001) - Property level (


export declare class Permission 


  • create a user (action: create, resource type: user) - read email of a user (action: read, resource property: - change email of a user (action: update, resource property: - cancel an order (action: delete, resource type: order)


Property Modifiers Type Description
[securityId] readonly string  
action   string Action or access of a protected resources, such as read, create, update, or delete
resourceId?   string (Optional) Identity of a protected resource instance, such as order-0001 or customer-101
resourceProperty?   string (Optional) Property of a protected resource type/instance, such as email
resourceType   string Type of protected resource, such as Order or Customer