Assets Permissions

Hey all. I’ve noticed that even when an item in directus_files is not accessible via the public policy, if you have the ID of a file, you may access it at /assets/:id.

Is this intentional, or do I have an issue with my permissions? Public has no read permissions. I understand that a user would have no access to the id in the first place without permissions, but that did not seem like a good reason to me for the file to be publicly accessible via /assets.

Thanks for any guidance!

By default nothing is accessible to the public or other users. You must have read permissions enabled for the public role through a policy somewhere in the system.
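
One way to find the policy the answer refers to, as an added example that is not part of the thread or Directus's own code: export the access, policy and permission rows and list every grant that gives unauthenticated requests read access to directus_files. The field names assume the Directus 11 data model (directus_access, directus_policies, directus_permissions), the sample rows are constructed, and `findPublicFileReadGrants` is a hypothetical helper name.

```javascript
// Constructed sample rows, shaped like Directus 11's directus_access,
// directus_policies and directus_permissions tables (assumed field names).
const sampleAccess = [
  { id: 'a1', role: null, user: null, policy: 'p-public' },   // public
  { id: 'a2', role: null, user: null, policy: 'p-website' },  // public, attached later
  { id: 'a3', role: 'r-editor', user: null, policy: 'p-editor' },
];
const samplePolicies = [
  { id: 'p-public', name: 'Public', admin_access: false },
  { id: 'p-website', name: 'Website content', admin_access: false },
  { id: 'p-editor', name: 'Editor', admin_access: false },
];
const samplePermissions = [
  { id: 1, policy: 'p-website', collection: 'articles', action: 'read', permissions: null },
  { id: 2, policy: 'p-website', collection: 'directus_files', action: 'read', permissions: null },
  { id: 3, policy: 'p-editor', collection: 'directus_files', action: 'read', permissions: null },
];

// Return every grant that lets an unauthenticated request read directus_files.
function findPublicFileReadGrants(access, policies, permissions) {
  // Assumption: an access row with neither role nor user applies to the public.
  const publicPolicyIds = new Set(
    access.filter((a) => a.role == null && a.user == null).map((a) => a.policy)
  );
  const grants = [];
  for (const policy of policies) {
    if (!publicPolicyIds.has(policy.id)) continue;
    if (policy.admin_access) {
      // Admin policies bypass per-collection permissions entirely.
      grants.push({ policy: policy.name, via: 'admin_access', filter: null });
      continue;
    }
    for (const perm of permissions) {
      if (perm.policy === policy.id && perm.collection === 'directus_files' && perm.action === 'read') {
        // filter === null means no item rule: every file is readable.
        grants.push({ policy: policy.name, via: `permission ${perm.id}`, filter: perm.permissions });
      }
    }
  }
  return grants;
}

console.log(findPublicFileReadGrants(sampleAccess, samplePolicies, samplePermissions));
```

An empty result with files still served at /assets/:id without a token would point away from the permission tables, for example at a cached response or a session cookie sent by the browser.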