diff --git a/frontend/pages/[objectName]/[[recordId]]/[[view]].vue b/frontend/pages/[objectName]/[[recordId]]/[[view]].vue
index faea581..7b5b225 100644
--- a/frontend/pages/[objectName]/[[recordId]]/[[view]].vue
+++ b/frontend/pages/[objectName]/[[recordId]]/[[view]].vue
@@ -124,6 +124,15 @@ const editConfig = computed(() => {
   return config
 })
 
+// Compute canCreate based on objectAccess
+// Note: MySQL BOOLEAN fields return 0/1 (numbers), not true/false
+const canCreate = computed(() => {
+  const publicCreate = objectAccess.value?.publicCreate
+  const result = publicCreate === true || publicCreate === 1
+  console.log('[PAGE] canCreate computed:', result, '(publicCreate:', publicCreate, 'type:', typeof publicCreate, ')')
+  return result
+})
+
 // Debug current view state
 watch([view, recordId, editConfig, currentRecord, loading, dataLoading], ([v, rid, ec, cr, l, dl]) => {
   console.log('[PAGE] View state changed:')
@@ -149,13 +158,12 @@ const fetchObjectDefinition = async () => {
       const accessResponse = await api.get(`/setup/objects/${objectApiName.value}/access`)
       objectAccess.value = accessResponse
     } catch (e) {
-      console.warn('Failed to fetch access permissions:', e)
-      // Set defaults if fetch fails
+      // Set defaults if fetch fails - assume most restrictive
       objectAccess.value = {
-        publicCreate: true,
-        publicRead: true,
-        publicUpdate: true,
-        publicDelete: true,
+        publicCreate: false,
+        publicRead: false,
+        publicUpdate: false,
+        publicDelete: false,
       }
     }
   } catch (e: any) {
@@ -291,7 +299,7 @@ onMounted(async () => {
         :data="records"
         :loading="dataLoading"
         :base-url="`/runtime/objects`"
-        :can-create="objectAccess?.publicCreate !== false"
+        :can-create="canCreate"
         selectable
         @row-click="handleRowClick"
         @create="handleCreate"