Access Control Options
All blobs stored on Walrus are public by default. Anyone who knows a blob ID can fetch its contents directly from a Walrus aggregator. Access control for Walrus Sites is not enforced at the storage layer.
Fully public content (default)
When you publish a Walrus Site using
site-builder, all resources are
stored as publicly readable blobs on Walrus. The portal serves them to any visitor without
authentication. This is appropriate for most static sites, documentation, open-source
project pages, and other content that has no confidentiality requirement.
For these use cases, site data authentication already provides integrity guarantees: the portal verifies each resource's SHA-256 hash against the value stored on Sui before serving it, ensuring the content has not been tampered with in transit.
Integrity verification and access control are separate concerns. Authentication confirms that content has not been modified. It does not restrict who can retrieve it.
Restricting access
Walrus Sites does not currently document a supported mechanism for restricting who can read site content. Treat all published site resources as public.