diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 4ae1f8dee..4276e780f 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -912,7 +912,9 @@ App::post('/v1/account/sessions/phone')
 '$id' => $userId,
 '$permissions' => [
 'read(any)',
- 'write(user:' . $userId . ')'
+ 'create(user:' . $userId . ')',
+ 'update(user:' . $userId . ')',
+ 'delete(user:' . $userId . ')',
 ],
 'email' => null,
 'phone' => $number,
@@ -951,7 +953,9 @@ App::post('/v1/account/sessions/phone')
 $token = $dbForProject->createDocument('tokens', $token ->setAttribute('$permissions', [
 'read(user: ' . $user->getId() . ')',
- 'write(user:' . $user->getId() . ')'
+ 'create(user:' . $user->getId() . ')',
+ 'update(user:' . $user->getId() . ')',
+ 'delete(user:' . $user->getId() . ')',
 ]));
 $dbForProject->deleteCachedDocument('users', $user->getId());
@@ -1045,7 +1049,9 @@ App::put('/v1/account/sessions/phone')
 $session = $dbForProject->createDocument('sessions', $session ->setAttribute('$permissions', [
 'read(user: ' . $user->getId() . ')',
- 'write(user:' . $user->getId() . ')'
+ 'create(user:' . $user->getId() . ')',
+ 'update(user:' . $user->getId() . ')',
+ 'delete(user:' . $user->getId() . ')',
 ]));
 $dbForProject->deleteCachedDocument('users', $user->getId());
@@ -1146,7 +1152,9 @@ App::post('/v1/account/sessions/anonymous')
 '$id' => $userId,
 '$permissions' => [
 'read(any)',
- 'write(user:' . $userId . ')'
+ 'create(user:' . $userId . ')',
+ 'update(user:' . $userId . ')',
+ 'delete(user:' . $userId . ')',
 ],
 'email' => null,
 'emailVerification' => false,
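Review bot: The `'create(user:' . $userId . ')'` entry added to the user document's `$permissions` (here and in the `@@ -1146` hunk for anonymous sessions) has no visible meaning on a document that already exists, since creation is normally authorized before there is a document to carry grants. If the permission model evaluates `create` only at collection level, I would drop that line and keep `update` and `delete`, so the grant list states exactly what the owner can do. If it does authorize something on an existing document, a one-line comment such as `// create: <what this grant authorizes on an existing document>` would make that auditable. The same three-way expansion is repeated in the token and session hunks of this file, and the array literal starts and ends outside the hunk.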
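Review bot: The unchanged `'read(user: ' . $user->getId() . ')'` line in the token's `$permissions` (hunk `@@ -951`) has a space after `user:`, while the three lines added beside it use `user:` with no space; the same mismatch is in the session hunks at `@@ -1045` and `@@ -1190`. Whether the permission parser trims that space is not visible here. If it does not, the read role would not match the owner, leaving an owner who can update or delete a token or session they cannot read, or the string may be rejected outright. Since this commit already rewrites the neighbouring lines, I would normalise it to `'read(user:' . $user->getId() . ')',` in all three places.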
@@ -1190,7 +1198,9 @@ App::post('/v1/account/sessions/anonymous')
 $session = $dbForProject->createDocument('sessions', $session-> setAttribute('$permissions', [
 'read(user: ' . $user->getId() . ')',
- 'write(user:' . $user->getId() . ')'
+ 'create(user:' . $user->getId() . ')',
+ 'update(user:' . $user->getId() . ')',
+ 'delete(user:' . $user->getId() . ')',
 ]));
 $dbForProject->deleteCachedDocument('users', $user->getId());
diff --git a/app/controllers/api/functions.php b/app/controllers/api/functions.php
index 0b7e0c57b..0ed38379d 100644
--- a/app/controllers/api/functions.php
+++ b/app/controllers/api/functions.php
@@ -571,7 +571,9 @@ App::post('/v1/functions/:functionId/deployments')
 '$id' => $deploymentId,
 '$permissions' => [
 'read(any)',
- 'write(any)'
+ 'create(any)',
+ 'update(any)',
+ 'delete(any)',
 ],
 'resourceId' => $function->getId(),
 'resourceType' => 'functions',
@@ -602,7 +604,9 @@ App::post('/v1/functions/:functionId/deployments')
 '$id' => $deploymentId,
 '$permissions' => [
 'read(any)',
- 'write(any)'
+ 'create(any)',
+ 'update(any)',
+ 'delete(any)',
 ],
 'resourceId' => $function->getId(),
 'resourceType' => 'functions',
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index 2a1fbe419..4ead90757 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -60,8 +60,10 @@ App::post('/v1/teams')
 $team = Authorization::skip(fn() => $dbForProject->createDocument('teams', new Document([
 '$id' => $teamId ,
 '$permissions' => [
- "read(team:{$teamId}",
- "write(team:{$teamId}/owner)",
+ 'read(team:' . $teamId . ')',
+ 'create(team:' . $teamId . '/owner)',
+ 'update(team:' . $teamId . '/owner)',
+ 'delete(team:' . $teamId . '/owner)',
 ],
 'name' => $name,
 'total' => ($isPrivilegedUser || $isAppUser) ? 0 : 1,
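Review bot: `'update(any)'` and `'delete(any)'` leave the deployment document modifiable and deletable by every role, in the `@@ -571` hunk and again in the second `createDocument` at `@@ -602`. A deployment is code that later gets executed, so if document-level permissions on this collection are ever evaluated for a non-privileged caller, these entries would let any client alter or remove it. If the collection is only reached with authorization skipped or through privileged callers, the grants are not the access control and could be narrowed to the role that actually manages functions. At minimum they should be explained with a comment such as `// deployments are only accessed server-side; these grants are not the access control`. Which case applies is not visible in the hunk, and the enclosing route handler starts and ends outside it.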
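Review bot: The unclosed `"read(team:{$teamId}"` that the `@@ -60` hunk repairs apparently reached `createDocument` without being rejected, so nothing visible here validates a permission string when it is written. A malformed grant on the team document is an access-control fault that fails silently, so I would add an assertion to the team-creation test that the stored `$permissions` equal the four expected strings. It would also help to build these strings through one small helper rather than by hand at each call site. The four new lines also move this file to single-quoted concatenation while the membership hunk that follows still uses double-quoted interpolation; settling on one form makes such typos easier to spot.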
@@ -74,7 +76,9 @@ App::post('/v1/teams')
 '$id' => $membershipId,
 '$permissions' => [
 "read(user:{$user->getId()}, team:{$team->getId()})",
- "write(user:{$user->getId()}, team:{$team->getId()}/owner)",
+ "create(user:{$user->getId()}, team:{$team->getId()}/owner)",
+ "update(user:{$user->getId()}, team:{$team->getId()}/owner)",
+ "delete(user:{$user->getId()}, team:{$team->getId()}/owner)",
 ],
 'userId' => $user->getId(),
 'userInternalId' => $user->getInternalId(),
diff --git a/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php b/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php
index 29c714220..2bb746788 100644
--- a/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php
+++ b/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php
@@ -1060,7 +1060,9 @@ class RealtimeCustomClientTest extends Scope
 'name' => 'Bucket 1',
 'permissions' => [
 'read(any)',
- 'write(any)'
+ 'create(any)',
+ 'update(any)',
+ 'delete(any)',
 ]
 ]);
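Review bot: Each of the three membership entries added in the `@@ -74` hunk puts two roles in one string separated by a comma and a space, e.g. `"update(user:{$user->getId()}, team:{$team->getId()}/owner)"`, whereas every other permission in this commit names a single role per entry. Whether the parser accepts a role list, and whether it trims the space before `team:`, is not visible here; if it does not, the owner-team grant would never match and only the member could manage the membership. Assuming the list means that either role may act, one role per entry is unambiguous: `"update(user:{$user->getId()})"` and `"update(team:{$team->getId()}/owner)"`, and likewise for `create`, `delete` and the unchanged `read` line. The document array starts and ends outside the hunk.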