is an option for CloudObject and related constructs that specifies permissions for classes of users to access or perform operations.


  • Possible settings include:
  • "Public"accessible for primary action by anyone
    "Private"private to the owner
    "unixstring"permissions for everyone specified in Unix string format
    {class1->per1,class2->per2,}different permissions specified for different classes of users
  • The setting "Public" allows execution of APIFunction, FormFunction, and related constructs. It allows reading and interaction for notebook and CDF objects. For other objects, it allows reading only.
  • Possible classes of users or requesters include:
  • Alleveryone
    "Authenticated"everyone signed in with a Wolfram ID
    "Owner"owner of the object
    {user1,user2,}an explicit list of users
    PermissionsGroup["name"]users in a permissions group
    PermissionsKey["key"]requesters with a valid permissions key
  • Users can be referenced by their Wolfram ID names, email addresses, or Wolfram UUID strings of the form "user-uuid".
  • Permissions allowed for particular classes of users are specified by giving lists of capabilities.
  • Core file-related capabilities include:
  • "Read"read content from the object
    "Write"write content permanently to the object
    "Execute"execute code in the object (e.g. via a form or API)
    Automaticallow the primary action on the object
    Allallow all actions on the object
  • File-related capabilities can also be specified as Unix-like permissions strings of the form "rwx" etc.
  • File-related capabilities are the only permissions taken into account for notebooks that have not been explicitly deployed using CloudDeploy and related functions.
  • For APIFunction, FormFunction, and related constructs, the primary action associated with Automatic is "Execute". For deployed notebooks and CDFs, it is "Interact".
  • Additional capabilities related to deployed notebooks and CDFs include:
  • "Edit"allow editing of the notebook document
    "Save"allow saving of the notebook
    "CellEdit"edit content in existing cells
    "CellCreate"create new cells
    "CellDelete"delete existing cells
    "Evaluate"evaluate code in cells
    "Interact"allow interaction with content (e.g. via CDF in the cloud)
  • "Write" allows arbitrary rewriting of a CloudObject. "Save" allows only material generated by saving a notebook view.
  • "Read" and "Write" affect what is permanently stored in a CloudObject.
  • "Edit" allows temporary modification in a notebook view. "Write" is required to allow modifications to be saved permanently.
  • "Write" is possible only for authenticated users.
  • $Permissions gives the default setting for the Permissions option.


open allclose all

Basic Examples  (2)

Make a cloud object that can be seen by the world:

Click for copyable input

By default, cloud objects can be read only by the owner:

Click for copyable input
Click for copyable input

Make the cloud object visible to the world:

Click for copyable input
Click for copyable input

Scope  (1)

See Also

$Permissions  PermissionsGroup  CloudConnect  Editable  Saveable  OverwriteTarget  PartProtection

Related Workflows

Introduced in 2014