O’Reilly Report: Decoupled Applications and Composable Web Architectures - Download Now

Empower your teams & get a 582% ROI: See Storyblok's CMS in action

Skip to main content

Roles & Permissions

Roles are for giving certain permissions to various types of users in your space. It gives the space owner and admins greater control over who can publish what, especially for bigger projects. For instance: if you have several authors on your blog, you can give different access permissions for each author. This would minimize the risk of authors getting in each other’s way and will provide a robust solution to organizing team coordination.


What are Roles?

Default Roles

Your Storyblok space is set up with three roles by default: Owner, Admin, and Editor

RoleDescription
OwnerThe user who created the space; can create, update, delete roles and grant permissions. Can also create and update content.
AdminCreates and grants permissions to each custom role. Admin manages users and creates/updates content.
EditorA role that has some limitations by default. This is meant to provide convenience for the user in case they are unsure of what permissions to grant. Editors can create and update content, but cannot manage other users.

Custom Roles

Besides the default roles of Editor and Admin, you are free to create any kinds of roles that meet the needs of your team. Custom roles are created by the user to further tailor your experience and management of your team and spaces on Storyblok. You may have designers, translators, or content creators who will not need access to the entire project, but rather specific parts of it. This is where custom roles and permissions comes in handy.


What are Permissions?

Permissions are rules set within a role that either grant or prevent access to certain aspects of the space.

Permission Types

It is possible to manage permissions at a granular level with Storyblok. This allows you to have more control over your workflow as your team increases in size and variety of roles. For instance, you can have an “English Author” role that only has access to content in the English language, and they will not be able to accidentally publish in any other language.

General

Besides their role of Editor, there is no pre-defined set of permissions you have to use-- you have the freedom to define the level of access for each role depending on your needs.

TypeWhat it involves
Content & Editordeals with reading, saving, and publishing content. This category involves allowing a user to deploy to pipelines, or grants access to an image or visual editor. As for Stories, this allows moving a story or changing the slug of the story. The Admin can also allow a user to hide content or folders.
Tagsthe management of tags: creating, updating, and deleting
Datasourcesallowing the editing of datasource keys and values
eCommerce appgranting the user access to the eCommerce app
Task appgranting the user access to the Task app

Content

For these permissions, if nothing is specified, the user has access/rights to edit, view, or deploy.

TypeWhat it involves
Languagesaccess to specific languages, i.e., restricting a user’s access to content in English, Spanish, French, etc.
Pipelinesrestricts access to specific pipelines that this particular role can deploy to
Folder/content itemrestricts access to specific folders/content

Blocks

Blocks permissions involve granting access to edit specific blocks. Admin is also able to hide certain blocks from specified user Roles.


Datasources

The Datasources category involves permissions to access the key-value pairs within datasources.


Assets

The Assets category involves permissions to access editing and uploading to certain asset folders.


How to create roles

On the left-hand navigation, select {1} Settings, then select {2} Roles and click the {3} Add new role button.

An annotated screenshot of the Roles category in settings
1
2
3

Type in a {1} name for the role and {2} select your permissions

Select {3} Save when you are finished.

Adding {4} a short description is optional.

Add {5} if you want to create a role for an SSO user.

An annotated screenshot of the Roles category in settings
1
2
3
4
5

Creating SSO user role

To create a role for a Single Sign-On (SSO), navigate to the roles tab in settings and click on the checkbox for SSO {1}

1

click the checkbox {1} to indicate this is an SSO role. Next, add the SSO user ID user {2} and click on any checkbox for the default admin {3} or editor {4} user role.

1
2





How to change permissions

On the left-hand navigation, select {1} Settings, then select {2} Roles and click on the {3} role you would like to edit.

An annotated screenshot of the Roles category in settings
1
2
3

Next, under {1} Permissions, select the {2} category tab you wish to edit permissions from. {3} Select/deselect your permissions in the expandable lists.

When finished, select {4} Save.

An annotated screenshot of the Roles category in settings
1
2
3
4

Permission for read-only field access

To set a read-only permission for a field, navigate to your Blocks {1} permissions and click on the Block field permissions {2} dropdown. To make a field read-only for the selected role, click the checkbox {3} next to that field. This will prevent users with this role from editing the field's content.

1
2
3

A collaborator is a person who is an explicit member of your project. As an owner of a space, you can choose between different roles or define your own advanced rights (roles) and permissions.

Users and Collaborators

Roles overview

  • Admin
    • Space (Read*)
    • Story (Create, Read, Update, Delete)
    • Component (Create, Read, Update, Delete, Use, Save, Publish)
    • Datasource (Create, Read, Update, Delete, Use)
    • Datasource Entry (Create, Read, Update, Delete, Use)

* Is allowed to see it in the space overview - does not have access to the dashboard.

  • Editor
    • Space (Read*)
    • Story (Create, Read, Update, Delete, Save, Publish)
    • Component (Use in SideBySide Editor)
    • Datasource (Read)
    • Datasource Entry (Read, Update the value's, Export)

* Is allowed to see it in the space overview - does not have access to the dashboard.

  • Advanced Roles
    By default, with Advanced Roles, your Collaborator won't be able to do anything with your space. You can add manage rights by clicking on the permission checkboxes in your 'Settings' menu of the role.