> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cubestack.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Permissions

> Control access to your CubeStack data with permissions.

# Permissions

CubeStack provides granular control over who can access your data and what they can do with it.

## Access Levels

### Public Access

When enabled on a cube, anyone can read records without authentication. Only columns marked as **Public** are returned.

### API Key Access

API keys grant full read and write access to all columns in a project. Use API keys for server-to-server communication.

## Column-Level Permissions

Each column has a **Public** toggle that controls whether it appears in unauthenticated API responses. This lets you expose only the data you want to be public.

## Best Practices

* Never expose API keys in client-side code
* Use public access for read-only frontend consumption
* Keep sensitive columns (emails, internal IDs) private
* Rotate API keys periodically
