Assign and remove role permissions
A role is made up of permissions, users, groups and in some cases API keys.
Permissions are actions a user can carry out on a particular resource. Users and groups define those users who can carry out the actions, either by individual assignment or by being a member of a group. API keys can be assigned to a role to grant programmatic access to content through the Management API.
Add a permission
With a role open for editing:
- Select a permission type from the toolbox. A new permission will be added to the list.
- The permission you've added will be active and the Permissions panel for the selected permission will be displayed.
Configure the permission
With a permission selected, the permissions panel will be displayed, allowing you to configure the resource to which the permission relates.
A resource determines the permissions that are available.
- Select the resource that you want to edit from the centre panel. A list of the supported actions that are available for editing will be displayed in the right-hand panel.
- Use the toggle buttons next to each action to turn permissions on or off. Permissions will appear in the permissions list as they are added.
- Once you are happy with the permissions, press Save.
If you are providing access to multiple resources, add another permission and configure as per these steps.
Note: Resist any temptation to make a one-off change for a user with unusual needs. If you begin doing this, the role permission system will quickly begin to unravel. Change the roles as required, or add new ones when really necessary.
Common permission events
- View — the user can view content. The view permission is inherently set when any other permission is granted.
- Create / save — the user can create new content, and save changes to existing content.
- Submit / revoke — the user can submit and revoke content from review.
- Approve / decline — the user can approve or decline content for publication.
- Publish – the user can publish the content for immediate publication.
- Unpublish – the user can unpublish the content.
- Delete — the user can delete content permanently.
Permissions are explicitly set – meaning it is possible to set up a role with a permission that depends on another permission to work correctly. This may seem counter intuitive, but it ensures that access is not given by mistake. An example of this would be a role that could revoke an entry but not create / update an entry.
Remove a permission
If you don't need a permission within a role, it can be removed by following these steps:
- Locate the permission in the role that you want to remove.
- Press the cross on the permission to remove it from the role.
- Press Save to confirm your changes.
Note: Removing permissions from a role will affect any users or API keys that are assigned to the role.