Show content of authenticated logged in user only

Hi all,

I’ve been searching for hours but couldn’t find the right answer unfortunately. I have made a dashboard site where registered users can track their own data. However when a user is logged in, it can update, see and add data of others.

Basically all data gets piled up mixed with all users data.

I’d like a logged in user to be able to view and edit its own data. I know there is an author role, but from my understanding thats only at the admin panel. Not when users are registered and logged in from the front-end (API based)

Hope someone could help me out!

Thank you so much in advance!

1 Like

Welcome to the forums!
Best place is to use a policy like isOwner

1 Like

Thank you so much for your quick response! Appreciate it. Setting the owner worked. But is it also possible the owner only sees its own content?

You can extend wha the guide says and set a policy so only the owner will get it’s own data back and not others yes.

1 Like

Any idea where to find the code :slight_smile: ? Been searching for days but couldnt exactly find a script that only shows content per logged in user.

However at the moment I did succeed in building a restricted area for registered users. But all created content is visible instead of user created content only.

Hope you could help me out!

Thank you.

When you make a request you can use to get the userID, then extend the API to return only data for the user that is logged into session. Instead of “ALL” the data.

1 Like

Any plan on natively supporting this requirement by official policy or plugin?

1 Like

Thank you!! Solved it with your help.

I use the 2 custom policies for almost every Strapi backed project I create. One policy is for single owner and the other policy is for a multiple owners field.



Place these files in ~/config/policies/ to be available globally and then set them per route. For example I have a binders content type and my ~/api/binders/config/routes.js begins like the following:

  "routes": [{
      "method": "GET",
      "path": "/binders",
      "handler": "binder.find",
      "config": {
        "policies": [

The specific attributes that relate to this usage defined on the content type in ~/api/binder/models/binder.setting.json are the following:

    "private": {
      "type": "boolean",
      "default": true
    "owners": {
      "plugin": "users-permissions",
      "collection": "user",
      "via": "binders",
      "dominant": true
    "readonly": {
      "plugin": "users-permissions",
      "collection": "user",
      "via": "binders_readonly",
      "dominant": true

Is there any chance you could re-share those snippets? The gist seems to be gone at this point. Thanks!

Here you go. Just keep in mind this solution was for v3.

1 Like

Gotcha.Thank you regardless for resharing your solution!

Could you share solutions for Strapi v4? Thank you