# Manage Note Permission
{%hackmd @codimd/docs-wide-styles %}
It is possible to change the access permission to a note through the little button on the top right of the view.
There are six possible options:
| Permission Icon/Name | Owner read/write | Signed-in read | Signed-in write | Guest read | Guest write |
|:------------------------------------------------------------------------------------ |:----------------:|:--------------:|:---------------:|:----------:|:-----------:|
| <span class="text-nowrap"><i class="fa fa-leaf fa-fw"></i> **Freely**</span> | ✔ | ✔ | ✔ | ✔ | ✔ |
| <span class="text-nowrap"><i class="fa fa-pencil fa-fw"></i> **Editable**</span> | ✔ | ✔ | ✔ | ✔ | ✖ |
| <span class="text-nowrap"><i class="fa fa-id-card fa-fw"></i> **Limited**</span> | ✔ | ✔ | ✔ | ✖ | ✖ |
| <span class="text-nowrap"><i class="fa fa-lock fa-fw"></i> **Locked**</span> | ✔ | ✔ | ✖ | ✔ | ✖ |
| <span class="text-nowrap"><i class="fa fa-umbrella fa-fw"></i> **Protected**</span> | ✔ | ✔ | ✖ | ✖ | ✖ |
| <span class="text-nowrap"><i class="fa fa-hand-stop-o fa-fw"></i> **Private**</span> | ✔ | ✖ | ✖ | ✖ | ✖ |
**Only the owner of the note can change the note's permissions.**
## Anonymous (Guest) related config
If you don't want guest users to create note or view note, you can set `CMD_ALLOW_ANONYMOUS`, `CMD_ALLOW_ANONYMOUS_EDITS`, `CMD_ALLOW_ANONYMOUS_VIEWS` .
Set those config and the consequence is showing below table.
| `CMD_ALLOW_ANONYMOUS` | `CMD_ALLOW_ANONYMOUS_EDITS` | `CMD_ALLOW_ANONYMOUS_VIEWS` | `New guest note` button | `freely` permission | `editable/locked` permission |
| --------------------- | --------------------------- | --------------------------- | ----------------------- | ------------------- | ---------------------------- |
| true | - | - | active | active | active |
| false | - | false | inactive | inactive | inactive |
| false | false | true | inactive | inactive | active |
| false | true | true | inactive | active | active |
## Default Behavior
If you didn't change any config that related permission, the note permission is default to `editable`, And `CMD_ALLOW_ANONYMOUS` is set to `true`.
:::danger
:warning: **Breaking Change** :warning:
After CodiMD 2.0.0, in order to prevent any user to create note, we change anonymous setting default value to:
- CMD_ALLOW_ANONYMOUS → `false`
- CMD_ALLOW_ANONYMOUS_EDITS → `true`
- CMD_ALLOW_ANONYMOUS_VIEWS → `true`
:::
## About the Uploaded Images' Permission
Depending on your image upload settings, CodiMD allows you to upload to different image hosting providers.
CodiMD does not enforce any access restrictions on uploaded images. If you use the `filesystem` upload option (default one), the image URL will be `YOUR_INSTANCE/uploads/IMAGE_NAME`. Even if your note permission is set to private, the image will still be **accessible** if your instance is publicly accessible.
If you set your upload provider to other cloud services (e.g., s3, minio, azure), the uploaded image will have a URL from the respective service. You can set up additional permission access rules based on your specific requirements. Please note that CodiMD does not offer options to assist with this.
:::info
Please note that the `/uploadimage` endpoint is also publicly accessible.
:::