Roles and Permissions

System Information
  • **Strapi Version3.6.2:
  • **Operating SystemWindows 10:
  • **Databasesqlite:
  • **Node Version14.16.1:
  • **NPM Version6.14.12:
  • Yarn Version:

Hello everyone, I am following along with the authentication and authorization tutorial at User Roles and Permissions in Strapi for the Admin Panel and I am seeing different results. For example, I create two users with the role of Author. I upload a .png with Author 1, and Author 2 can see the media in the Media Library, edit its details, and also delete it. When I check the settings for what an author can do, they should only be able to update or delete something if they are the creator. I have created a brand new test Strapi project and the results are the same. Can somebody please help me?

1 Like


I had an issue like this and fixed it by upgrading to 3.6.5 or higher. Looks to be related to:

I’m experiencing the same thing in 4.6.0. When I enable “Access the Media Library” AND “Update (crop, details, replace) + delete” to users that “is creator” - the Author can only see their own uploaded media. That is correct.

However, when I enable full access to “Access the Media Library”, but keep “Update + delete” as “is creator”, all authors can see and update/delete every media entry. I thought it would let the author see everything in the Media Library, but only let them update/delete their own uploads…

Any ideas on how to achieve this?