title: Model-Level Permissions summary: Reduce risk by securing models. # Model-Level Permissions Models can be modified in a variety of controllers and user interfaces, all of which can implement their own security checks. Often it makes sense to centralize those checks on the model, regardless of the used controller. The API provides four methods for this purpose: `canEdit()`, `canCreate()`, `canView()` and `canDelete()`. Since they're PHP methods, they can contain arbitrary logic matching your own requirements. They can optionally receive a `$member` argument, and default to the currently logged in member (through `Member::currentUser()`).