@User the recommendation would be to do permissions checks either in your API or in Next.js server side rendering handlers, and then pass the permission info to your frontend