diff --git a/src/AccessControl/AccessControlManager.php b/src/AccessControl/AccessControlManager.php
new file mode 100644
index 0000000..c9885a6
--- /dev/null
+++ b/src/AccessControl/AccessControlManager.php
@@ -0,0 +1,84 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl;
+
+use SplStack;
+
+/**
+ * Manages the current and previously set Access Controllers.
+ *
+ * By default, the manager will return a {@see ReadOnlyAccessController}.
+ *
+ * @since $ver$
+ */
+final class AccessControlManager {
+	/**
+	 * The current stack of Access Control Managers.
+	 *
+	 * @since $ver$
+	 *
+	 * @var SplStack<AccessController>
+	 */
+	private static \SplStack $access_controllers;
+
+	/**
+	 * Prevent creating multiple instances of the manager.
+	 *
+	 * @since $ver$
+	 */
+	private function __construct() {
+	}
+
+	/**
+	 * Lazily initializes the Access Control Manager.
+	 *
+	 * @since $ver$
+	 *
+	 * @return void
+	 */
+	private static function initialize(): void {
+		if ( ! isset( self::$access_controllers ) ) {
+			self::$access_controllers = new \SplStack();
+			self::set( new ReadOnlyAccessController() );
+		}
+	}
+
+	/**
+	 * Sets the current AccessController.
+	 *
+	 * @since $ver$
+	 *
+	 * @param AccessController $access_controller The access controller.
+	 */
+	public static function set( AccessController $access_controller ): void {
+		self::initialize();
+
+		self::$access_controllers->push( $access_controller );
+	}
+
+	/**
+	 * Returns the current Access Controller.
+	 *
+	 * @since $ver$
+	 *
+	 * @return AccessController The current AccessController.
+	 */
+	public static function current(): AccessController {
+		self::initialize();
+
+		return self::$access_controllers->top();
+	}
+
+	/**
+	 * Resets the current Access Controller to the previous.
+	 *
+	 * @since $ver$
+	 */
+	public static function reset(): void {
+		self::initialize();
+
+		if ( self::$access_controllers->count() > 1 ) {
+			self::$access_controllers->pop();
+		}
+	}
+}
diff --git a/src/AccessControl/AccessController.php b/src/AccessControl/AccessController.php
new file mode 100644
index 0000000..d64d017
--- /dev/null
+++ b/src/AccessControl/AccessController.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl;
+
+use DataKit\DataViews\AccessControl\Capability\Capability;
+use DataKit\DataViews\DataView\DataView;
+use DataKit\DataViews\Field\Field;
+
+/**
+ * Manages the access the current user has on {@see DataView} and {@see Field} objects.
+ *
+ * @since $ver$
+ */
+interface AccessController {
+	/**
+	 * Returns whether the user has the provided capability.
+	 *
+	 * @since $ver$
+	 *
+	 * @param Capability $capability The capability to test.
+	 *
+	 * @return bool Whether the user has the capability.
+	 */
+	public function can( Capability $capability ): bool;
+}
diff --git a/src/AccessControl/Capability/Capability.php b/src/AccessControl/Capability/Capability.php
new file mode 100644
index 0000000..2f06ab1
--- /dev/null
+++ b/src/AccessControl/Capability/Capability.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+/**
+ * Represents a capability a user can have.
+ *
+ * @since $ver$
+ */
+interface Capability {
+	/**
+	 * Returns whether the capability is related to mutation.
+	 *
+	 * @since $ver$
+	 *
+	 * @return bool Whether the capability is related to mutation.
+	 */
+	public function is_mutative(): bool;
+
+	/**
+	 * Returns whether the capability is related to destruction.
+	 *
+	 * @since $ver$
+	 *
+	 * @return bool Whether the capability is related to destruction.
+	 */
+	public function is_destructive(): bool;
+}
diff --git a/src/AccessControl/Capability/DataViewCapability.php b/src/AccessControl/Capability/DataViewCapability.php
new file mode 100644
index 0000000..c9af5e3
--- /dev/null
+++ b/src/AccessControl/Capability/DataViewCapability.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+use DataKit\DataViews\DataView\DataView;
+
+/**
+ * Represents a capability that is connected to a DataView.
+ *
+ * @since $ver$
+ */
+abstract class DataViewCapability implements Capability {
+	/**
+	 * The DataView.
+	 *
+	 * @since $ver$
+	 *
+	 * @var DataView
+	 */
+	protected DataView $dataview;
+
+	/**
+	 * Creates the Capability.
+	 *
+	 * @since $ver$
+	 */
+	public function __construct( DataView $dataview ) {
+		$this->dataview = $dataview;
+	}
+
+	/**
+	 * Returns the DataView connected to the capability.
+	 *
+	 * @since $ver$
+	 */
+	public function dataview(): DataView {
+		return $this->dataview;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @since $ver$
+	 */
+	public function is_mutative(): bool {
+		return false;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @since $ver$
+	 */
+	public function is_destructive(): bool {
+		return false;
+	}
+}
diff --git a/src/AccessControl/Capability/DeleteDataView.php b/src/AccessControl/Capability/DeleteDataView.php
new file mode 100644
index 0000000..181d359
--- /dev/null
+++ b/src/AccessControl/Capability/DeleteDataView.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+/**
+ * A capability representing a user can delete a DataView.
+ *
+ * @since $ver$
+ */
+final class DeleteDataView extends DataViewCapability {
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @since $ver$
+	 */
+	public function is_destructive(): bool {
+		return true;
+	}
+}
diff --git a/src/AccessControl/Capability/EditDataView.php b/src/AccessControl/Capability/EditDataView.php
new file mode 100644
index 0000000..65d398d
--- /dev/null
+++ b/src/AccessControl/Capability/EditDataView.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+/**
+ * A capability representing a user can edit a DataView.
+ *
+ * @since $ver$
+ */
+final class EditDataView extends DataViewCapability {
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @since $ver$
+	 */
+	public function is_mutative(): bool {
+		return true;
+	}
+}
diff --git a/src/AccessControl/Capability/ViewDataView.php b/src/AccessControl/Capability/ViewDataView.php
new file mode 100644
index 0000000..9a1ad83
--- /dev/null
+++ b/src/AccessControl/Capability/ViewDataView.php
@@ -0,0 +1,11 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+/**
+ * A capability representing a user can view a DataView.
+ *
+ * @since $ver$
+ */
+final class ViewDataView extends DataViewCapability {
+}
diff --git a/src/AccessControl/Capability/ViewField.php b/src/AccessControl/Capability/ViewField.php
new file mode 100644
index 0000000..c601496
--- /dev/null
+++ b/src/AccessControl/Capability/ViewField.php
@@ -0,0 +1,47 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+use DataKit\DataViews\DataView\DataView;
+use DataKit\DataViews\Field\Field;
+
+/**
+ * A capability representing a user can view a DataView field.
+ *
+ * @since $ver$
+ */
+final class ViewField extends DataViewCapability {
+	/**
+	 * The Field.
+	 *
+	 * @since $ver$
+	 *
+	 * @var Field
+	 */
+	private Field $field;
+
+	/**
+	 * Creates the capability.
+	 *
+	 * @since $ver$
+	 *
+	 * @param DataView $dataview The DataView.
+	 * @param Field    $field    The Field.
+	 */
+	public function __construct( DataView $dataview, Field $field ) {
+		parent::__construct( $dataview );
+
+		$this->field = $field;
+	}
+
+	/**
+	 * Returns the Field to view.
+	 *
+	 * @since $ver$
+	 *
+	 * @return Field The Field.
+	 */
+	public function field(): Field {
+		return $this->field;
+	}
+}
diff --git a/src/AccessControl/ReadOnlyAccessController.php b/src/AccessControl/ReadOnlyAccessController.php
new file mode 100644
index 0000000..a3fee34
--- /dev/null
+++ b/src/AccessControl/ReadOnlyAccessController.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl;
+
+use DataKit\DataViews\AccessControl\Capability\Capability;
+
+/**
+ * AccessControlManager that allows read access to anyone.
+ *
+ * @since $ver$
+ */
+final class ReadOnlyAccessController implements AccessController {
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @since $ver$
+	 */
+	public function can( Capability $capability ): bool {
+		return ! $capability->is_mutative() && ! $capability->is_destructive();
+	}
+}
diff --git a/src/DataView/DataView.php b/src/DataView/DataView.php
index 5dc4c43..c6dc4e2 100644
--- a/src/DataView/DataView.php
+++ b/src/DataView/DataView.php
@@ -2,6 +2,8 @@
 
 namespace DataKit\DataViews\DataView;
 
+use DataKit\DataViews\AccessControl\AccessControlManager;
+use DataKit\DataViews\AccessControl\Capability\ViewField;
 use DataKit\DataViews\Data\DataSource;
 use DataKit\DataViews\Data\Exception\DataSourceException;
 use DataKit\DataViews\Data\MutableDataSource;
@@ -354,7 +356,7 @@ public function get_data( ?DataSource $data_source = null, ?Pagination $paginati
 			 */
 			$data = $data_source->get_data_by_id( $data_id );
 
-			foreach ( $this->directory_fields as $field ) {
+			foreach ( $this->allowed_fields( $this->directory_fields ) as $field ) {
 				$data[ $field->uuid() ] = $field->get_value( $data );
 			}
 
@@ -377,31 +379,32 @@ public function get_data( ?DataSource $data_source = null, ?Pagination $paginati
 	 * @throws DataSourceException When the data source encounters an issue.
 	 */
 	public function get_view_data_item( string $data_id ): DataItem {
-		$data = $this->data_source()->get_data_by_id( $data_id );
+		$data   = $this->data_source()->get_data_by_id( $data_id );
+		$fields = $this->allowed_fields( $this->view_fields );
 
-		foreach ( $this->view_fields as $field ) {
+		foreach ( $fields as $field ) {
 			$data[ $field->uuid() ] = $field->get_value( $data );
 		}
 
 		return DataItem::from_array(
 			[
-				'fields' => $this->view_fields,
+				'fields' => $fields,
 				'data'   => $data,
 			],
 		);
 	}
 
 	/**
-	 * Returns all the fields for the dictionary view.
+	 * Returns all the fields for the directory view.
 	 *
 	 * @since $ver$
 	 *
 	 * @return array[] The fields as arrays.
 	 */
-	private function dictionary_fields(): array {
+	private function directory_fields_for_json(): array {
 		$fields = [];
 
-		foreach ( $this->directory_fields as $field ) {
+		foreach ( $this->allowed_fields( $this->directory_fields ) as $field ) {
 			$fields[] = array_filter(
 				$field->to_array(),
 				static fn( $value ) => ! is_null( $value ),
@@ -448,7 +451,7 @@ private function default_layouts(): array {
 	private function get_field_ids( ?callable $filter = null ): array {
 		$field_ids = [];
 
-		foreach ( $this->directory_fields as $field ) {
+		foreach ( $this->allowed_fields( $this->directory_fields ) as $field ) {
 			if ( $filter && ! $filter( $field ) ) {
 				continue;
 			}
@@ -542,7 +545,7 @@ public function to_array(): array {
 			'defaultLayouts' => $this->default_layouts(),
 			'paginationInfo' => $this->pagination->info( $this->data_source() ),
 			'view'           => $this->view(),
-			'fields'         => $this->dictionary_fields(),
+			'fields'         => $this->directory_fields_for_json(),
 			'data'           => $this->get_data(),
 			'actions'        => $this->actions ? $this->actions->to_array() : [],
 		];
@@ -734,4 +737,20 @@ private function get_media_field_id(): string {
 
 		return $image_fields ? reset( $image_fields ) : '';
 	}
+
+	/**
+	 * Filters out the fields the current user cannot view.
+	 *
+	 * @since $ver$
+	 *
+	 * @return Field[] The fields.
+	 */
+	private function allowed_fields( array $fields ): array {
+		return array_filter(
+			$fields,
+			fn( Field $field ) => AccessControlManager::current()->can(
+				new ViewField( $this, $field )
+			)
+		);
+	}
 }
diff --git a/src/DataView/Operator.php b/src/DataView/Operator.php
index e033dd2..9cea8e7 100644
--- a/src/DataView/Operator.php
+++ b/src/DataView/Operator.php
@@ -2,6 +2,8 @@
 
 namespace DataKit\DataViews\DataView;
 
+use DataKit\DataViews\EnumObject;
+
 /**
  * Represents a valid filter operator.
  *
diff --git a/src/DataView/View.php b/src/DataView/View.php
index 5c93d2f..c2f109f 100644
--- a/src/DataView/View.php
+++ b/src/DataView/View.php
@@ -2,6 +2,8 @@
 
 namespace DataKit\DataViews\DataView;
 
+use DataKit\DataViews\EnumObject;
+
 /**
  * Represents the valid view types.
  *
diff --git a/src/DataView/EnumObject.php b/src/EnumObject.php
similarity index 98%
rename from src/DataView/EnumObject.php
rename to src/EnumObject.php
index d5e5dc7..37ea9fa 100644
--- a/src/DataView/EnumObject.php
+++ b/src/EnumObject.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace DataKit\DataViews\DataView;
+namespace DataKit\DataViews;
 
 use InvalidArgumentException;
 
diff --git a/tests/AccessControl/AccessControlManagerTest.php b/tests/AccessControl/AccessControlManagerTest.php
new file mode 100644
index 0000000..fc2ff14
--- /dev/null
+++ b/tests/AccessControl/AccessControlManagerTest.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace DataKit\DataViews\Tests\AccessControl;
+
+use DataKit\DataViews\AccessControl\AccessController;
+use DataKit\DataViews\AccessControl\AccessControlManager;
+use DataKit\DataViews\AccessControl\Capability\Capability;
+use DataKit\DataViews\AccessControl\ReadOnlyAccessController;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Unit tests for {@see AccessControlManager}
+ *
+ * @since $ver$
+ */
+final class AccessControlManagerTest extends TestCase {
+	/**
+	 * Creates an in-memory access controller instance.
+	 *
+	 * @since $ver$
+	 *
+	 * @return AccessController
+	 */
+	private static function create_access_controller(): AccessController {
+		return new class implements AccessController {
+			public function can( Capability $capability, ...$context ): bool {
+				return false;
+			}
+		};
+	}
+
+	/**
+	 * Test case for
+	 *
+	 * @since $ver$
+	 */
+	public function test_manager(): void {
+		self::assertInstanceOf( ReadOnlyAccessController::class, AccessControlManager::current() );
+
+		$fake   = self::create_access_controller();
+		$fake_2 = self::create_access_controller();
+
+		AccessControlManager::set( $fake );
+		AccessControlManager::set( $fake_2 );
+
+		self::assertNotInstanceOf( ReadOnlyAccessController::class, AccessControlManager::current() );
+		self::assertSame( $fake_2, AccessControlManager::current() );
+
+		AccessControlManager::reset();
+		self::assertSame( $fake, AccessControlManager::current() );
+
+		AccessControlManager::reset();
+		AccessControlManager::reset(); // Can't reset beyond all access.
+
+		self::assertInstanceOf( ReadOnlyAccessController::class, AccessControlManager::current() );
+	}
+}
diff --git a/tests/AccessControl/ReadOnlyAccessControllerTest.php b/tests/AccessControl/ReadOnlyAccessControllerTest.php
new file mode 100644
index 0000000..4a0ec5b
--- /dev/null
+++ b/tests/AccessControl/ReadOnlyAccessControllerTest.php
@@ -0,0 +1,37 @@
+<?php
+
+namespace DataKit\DataViews\Tests\AccessControl;
+
+use DataKit\DataViews\AccessControl\Capability\DeleteDataView;
+use DataKit\DataViews\AccessControl\Capability\EditDataView;
+use DataKit\DataViews\AccessControl\Capability\ViewDataView;
+use DataKit\DataViews\AccessControl\Capability\ViewField;
+use DataKit\DataViews\AccessControl\ReadOnlyAccessController;
+use DataKit\DataViews\Data\ArrayDataSource;
+use DataKit\DataViews\DataView\DataView;
+use DataKit\DataViews\Field\TextField;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Unit tests for {@see ReadOnlyAccessController}
+ *
+ * @since $ver$
+ */
+final class ReadOnlyAccessControllerTest extends TestCase {
+	/**
+	 * Test case for
+	 *
+	 * @since $ver$
+	 */
+	public function test_controller(): void {
+		$controller = new ReadOnlyAccessController();
+
+		$field    = TextField::create( 'test', 'Test' );
+		$dataview = DataView::table( 'test', new ArrayDataSource( 'test', [] ), [ $field ] );
+
+		self::assertTrue( $controller->can( new ViewDataView( $dataview ) ) );
+		self::assertFalse( $controller->can( new EditDataView( $dataview ) ) );
+		self::assertFalse( $controller->can( new DeleteDataView( $dataview ) ) );
+		self::assertTrue( $controller->can( new ViewField( $dataview, $field ) ) );
+	}
+}
diff --git a/tests/DataView/EnumObjectTest.php b/tests/EnumObjectTest.php
similarity index 94%
rename from tests/DataView/EnumObjectTest.php
rename to tests/EnumObjectTest.php
index 18b7f29..800ebb8 100644
--- a/tests/DataView/EnumObjectTest.php
+++ b/tests/EnumObjectTest.php
@@ -1,8 +1,8 @@
 <?php
 
-namespace DataKit\DataViews\Tests\DataView;
+namespace DataKit\DataViews\Tests;
 
-use DataKit\DataViews\DataView\EnumObject;
+use DataKit\DataViews\EnumObject;
 use PHPUnit\Framework\TestCase;
 
 /**