# Object Permissions {% hint style="success" %} **Audience:** Admins, Developers, Solution Architects **Purpose:** Explains how space.vars.object Permissions control access to space.vars.objects and their space.vars.entities across the space.vars.Kizen\_company\_name platform. {% endhint %} ## Overview space.vars.object permissions determine who can access space.vars.objects across the platform and who can perform actions within a specific space.vars.object. These permissions are enforced consistently across the UI, APIs, space.vars.automations, integrations, and exports. During space.vars.object configuration, Related space.vars.objects appears as Step 5. If Workflows are enabled, it becomes Step 6. 1. General Settings 2. Related Objects 3. Customize Fields 4. Customize Layout 5. **Permissions** There are two distinct levels of space.vars.object permissions, and both must be understood to configure access correctly: 1. Platform-level space.vars.object Permissions (Permission Groups) 2. space.vars.entity-level Permissions (Permission Groups, but can also be configured inside each space.vars.object) Both levels work together to determine a user’s effective access. *** ## Level 1: Platform Object Permissions

The first and higher-level permissions for space.vars.objects are configured in **Teams, Roles, and Permissions** (via *Edit Permission Group*). These permissions control whether a user can: * See space.vars.objects across the platform * Create new space.vars.objects * Edit space.vars.object Settings * Delete space.vars.objects Permissions at this level strictly govern access to your ability to edit, create, modify, and view space.vars.objects across the platform, and are not associated with space.vars.entity modification or visibility. For example: * A user may have permission to view and edit an space.vars.objects structure or settings, but still be unable to view or create space.vars.entities inside that space.vars.object. * Another user may have permission to view and edit inside an space.vars.object but not have access to edit the space.vars.object's structure or settings. ### Object Visibility An space.vars.object is considered visible to a user when they have **View** permission for that space.vars.object in their Permission Group or if they have the space.vars.object space.vars.entity permission enabled for their group. If a user does not have **View** permission at this level: * The space.vars.object does not appear in the UI * It may be omitted from metadata endpoints * API requests involving that object may return empty results or authorization errors *** ## Level 2: Record-Level Permissions The second level of permissions can be configured within each individual space.vars.object’s settings or from the Permission Groups Modal. These permissions control which users can access and manage that space.vars.object’s configuration and what permissions they have within that space.vars.object. Both levels work together to determine a user’s effective access. For space.vars.object Permissions, we'll focus on Level 1. Review [Record Permissions](broken://pages/uhMfsDTB0PmOzSEoHKUi) for more context on level 2 access. *** ## How Both Levels Work Together Generally, an admin has permissions at both levels. | Scenario | Result | | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | | User has space.vars.object visibility (Level 1) but no space.vars.entity permissions (Level 2) | space.vars.object appears, but space.vars.entities cannot be viewed or modified | | User has space.vars.entity permissions (Level 2) but no space.vars.object visibility (Level 1) | space.vars.object still appears, and space.vars.entities can be viewed or modified | | User has permissions at both levels | Full access based on the combination of both settings | Misalignment between these two layers is one of the most common causes of: * “Empty space.vars.object” experiences * Missing data reports * API responses returning empty results * Confusion about why actions are unavailable *** ## API Behavior and Permissions Permissions are surfaced directly in API responses so clients can make safe decisions about allowed actions. When fetching an space.vars.object, responses include access flags such as: ```json "access": { "view": true, "edit": true, "remove": true } ``` These values allow applications and integrations to: * Hide edit or delete actions when not allowed * Prevent unauthorized writes * Avoid operations that will fail * Safely respond to dynamic permission changes Structures such as `custom_objects` and `custom_object_entities` also include permission indicators that reflect the current user’s effective access. *** ## Important Considerations Keep the following in mind when configuring or troubleshooting permissions: * Do not assume permissions based on role names. Always evaluate effective permissions. * Platform-level space.vars.object access does not imply space.vars.object-level access. * Missing space.vars.entities or fields often indicate permission restrictions, not missing data. * Integrations should always evaluate access flags before attempting write operations. * Permission misconfiguration is a common cause of empty UI states and empty API responses. *** ## What’s Next In [Contact Permissions](broken://pages/ZfSbXfWgUab5oeBMU2jp), you’ll learn how space.vars.entity-level permissions are represented for Contact space.vars.objects and how they affect create, edit, and bulk actions.