Permissions Setup

Enable Cognee’s permission system for data isolation and access control. For detailed concepts, see Cognee Permissions System.

Enable Permission System

Set the environment variable to enable access control:

ENABLE_BACKEND_ACCESS_CONTROL=true
REQUIRE_AUTHENTICATION=true

Database Override: Permission mode enforces Kùzu (graph) and LanceDB (vector). Custom providers are ignored.

Database Setup

Choose your relational database:

SQLite — Local development (auto-creates files)
Postgres — Production (requires manual setup)

See Relational Databases for detailed configuration.

Authentication

API Server

Start the server with authentication:

uvicorn cognee.api.client:app --host 0.0.0.0 --port 8000

Default credentials (development only):

Username: default_user@example.com
Password: default_password

Programmatic Access

See Permission Snippets for complete programmatic examples.

Data Organization

Data is automatically organized by user and dataset. Each user gets isolated storage:

.cognee_system/databases/<user_uuid>/
├── <dataset_uuid>.pkl         # Kùzu graph database
└── <dataset_uuid>.lance.db/   # LanceDB vector database

Troubleshooting

Permission Denied: Verify user has required permission on the dataset. Data Isolation: Check per-user database files exist:

ls -la .cognee_system/databases/<user_uuid>/

Database Conflicts: Custom providers are ignored in permission mode.

Permission System

Learn about users, tenants, roles, and ACL

Usage Guide

How to use permission features

Getting Started

Core Concepts

Setup Configuration

Guides

Examples

CLI

Enable Permission System

Database Setup

Authentication

API Server

Programmatic Access

Data Organization

Troubleshooting

Permission System

Usage Guide

Getting Started

Core Concepts

Setup Configuration

Guides

Examples

CLI

​Enable Permission System

​Database Setup

​Authentication

​API Server

​Programmatic Access

​Data Organization

​Troubleshooting

Permission System

Usage Guide

Enable Permission System

Database Setup

Authentication

API Server

Programmatic Access

Data Organization

Troubleshooting