---
title: Globals Access Control
label: Globals
order: 40
desc: Global-level Access Control is specified within each Global's `access` property and allows you to define which users can read or update Globals.
keywords: globals, access control, permissions, documentation, Content Management System, cms, headless, javascript, node, react, express
---

You can define Global-level Access Control within each Global's `access` property. All Access Control functions accept one `args` argument.

**Available argument properties:

## Available Controls

| Function                 | Allows/Denies Access |
| ------------------------ | -------------------- |
| **[`read`](#read)**      | Used in the `findOne` Global operation |
| **[`update`](#update)**  | Used in the `update` Global operation |

**Example Global config:**
```js
export default {
  slug: "header",
  // highlight-start
  access: {
    read: ({ req: { user } }) => { ... },
    update: ({ req: { user } }) => { ... },
  },
  // highlight-end
};
```

### Read

Returns a boolean result or optionally a [query constraint](/docs/queries/overview) which limits who can read this global based on its current properties.

**Available argument properties:**

| Option    | Description |
| --------- | ----------- |
| **`req`** | The Express `request` object containing the currently authenticated `user` |

### Update

Returns a boolean result or optionally a [query constraint](/docs/queries/overview) which limits who can update this global based on its current properties.

**Available argument properties:**

| Option     | Description |
| ---------- | ----------- |
| **`req`**  | The Express `request` object containing the currently authenticated `user` |
| **`data`** | The data passed to update the global with. |