Creating datasets with public and private documents and accessing them in the CMS.

Is that possible to create a dataset that contains public & private documents, and the client can only access the public data while in the CMS can access both public and private data? Or I can only create different datasets individually?

I found Spaces may help, create two datasets for public and private use.
Another question is, my public and private dataset have different schema, but Spaces seem share same schema even with different

projectId

and

dataset

.

A workaround is I can share the same schema in different datasets, but show a subset of documents that the current dataset needed in the navigation bar based on

process.env.SANITY_STUDIO_API_DATASET

.
Not sure it’s a good practice.

I’d look into IDs and paths :) https://www.sanity.io/docs/ids

So I can create private documents by providing a custom id like

contacts.${ID}

(only through API [1]), then the client (without token) can’t access them. Am I right?
[1]

The Sanity Studio automatically generates a random UUID  for new documents (e.g. 

189bc292-e41b-42a0-91b5-bfaa33a34af2

), and does not allow you to specify an ID yourself, but you are free to use your own ID scheme for documents that you create using the HTTP API.

Yup!

It works, thanks!

am I right in thinking then that this would be a secure solution to build your own shop storing customer data in Sanity?
(providing all orders / customer data must be created initially via Sanity Javascript Client)

That’s exciting!

Or is it safest to keep it a private dataset and proxy the API requests using serverless functions?

You are right in thinking that. It’s the same way that drafts and the system documents (containing the permissions) work 🙂

Ahh! Thanks – never clocked that this is why drafts only show up in authenticated requests. Amazing! Very excited to start making some lightweight shops in Sanity 🙂