A guide to DRF’s built-in permission classes.

Permission Class Unauthenticated Write Unauthenticated Read Authenticated
AllowAny      
IsAuthenticatedOrReadOnly Forbidden    
IsAuthenticated Forbidden Forbidden  
DjangoModelPermissionsOrAnonReadOnly Forbidden   Write requires Model Permissions
DjangoModelPermissions Forbidden Forbidden Write requires Model Permissions
DjangoObjectPermissions Forbidden Forbidden Write requires Object Permissions
IsAdminUser Forbidden Forbidden Admin only
  • Write access means POST, PUT, PATCH and DELETE.