Roles => Permission => Advanced settings => allow to perform this action for

What exactly do isauthenticated and ratelimit in advanced settings do?
Couldn't find it in the documentation.

These are custom policies for the users-permissions plugin.

Take a look at their code to understand what they do:

isAuthenticated - Verifies if the user that requested the url is authenticated.

rateLimit - Is used to limit repeated requests from an IP to APIs and/or endpoints. For more details about rateLimit please refer to the koa2-ratelimit official documentation.

Rate limit is currently used on the following auth endpoints:


You can use it to protect some important endpoints from spamming.

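What the two policies described in the answer above do, as an added sketch that is not part of the original post and is not Strapi's or koa2-ratelimit's source code. It assumes Koa-style `(ctx, next)` policies, a verified user stored on `ctx.state.user`, and a fixed-window counter; all function names are hypothetical.

```javascript
// Added illustration; function names here are hypothetical.

// Fixed-window counter: at most `max` hits per key in each `windowMs` window.
function createLimiter({ windowMs, max, now = Date.now }) {
  const hits = new Map(); // key -> { count, resetAt }
  return function check(key) {
    const t = now();
    let entry = hits.get(key);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs }; // new window for this key
      hits.set(key, entry);
    }
    entry.count += 1;
    return {
      allowed: entry.count <= max,
      retryAfterSec: Math.ceil((entry.resetAt - t) / 1000),
    };
  };
}

// Koa-style policy keyed by client IP and path: each client gets its own
// budget per endpoint, and requests over the budget get 429.
function rateLimitPolicy(check) {
  return async (ctx, next) => {
    const { allowed, retryAfterSec } = check(`${ctx.ip}:${ctx.path}`);
    if (!allowed) {
      ctx.status = 429;
      ctx.set('Retry-After', String(retryAfterSec));
      ctx.body = { error: 'Too many requests' };
      return;
    }
    await next();
  };
}

// Authentication check. Assumption: an earlier step (for example token
// verification) stored the verified user on ctx.state.user.
async function isAuthenticatedPolicy(ctx, next) {
  if (!ctx.state || !ctx.state.user) {
    ctx.status = 401;
    ctx.body = { error: 'Unauthorized' };
    return;
  }
  await next();
}
```

The in-memory `Map` only counts requests seen by one process; with several instances behind a load balancer the counters need a shared store.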

I don’t understand why I would need to add an isAuthenticated policy within the authenticated role. Don’t all enabled actions within this role already require being authenticated?

That’s exactly why I started researching what isAuthenticated is meant to do and stumbled across this thread.

Anybody got any clue?