Roles & Permissions
Roles are for giving certain permissions to various types of users in your space. It gives the space owner and admins greater control over who can publish what, especially for bigger projects. For instance: if you have several authors on your blog, you can give different access permissions for each author. This would minimize the risk of authors getting in each other’s way and will provide a robust solution to organizing team coordination.
What are Roles?
Default Roles
Your Storyblok space is set up with three roles by default: Owner, Admin, and Editor
| Role | Description |
|---|---|
| Owner | The user who created the space; can create, update, delete roles and grant permissions. Can also create and update content. |
| Admin | Creates and grants permissions to each custom role. Admin manages users and creates/updates content. |
| Editor | A role that has some limitations by default. This is meant to provide convenience for the user in case they are unsure of what permissions to grant. Editors can create and update content, but cannot manage other users. |
Custom Roles
Besides the default roles of Editor and Admin, you are free to create any kinds of roles that meet the needs of your team. Custom roles are created by the user to further tailor your experience and management of your team and spaces on Storyblok. You may have designers, translators, or content creators who will not need access to the entire project, but rather specific parts of it. This is where custom roles and permissions comes in handy.
What are Permissions?
Permissions are rules set within a role that either grant or prevent access to certain aspects of the space.
Permission Types
It is possible to manage permissions at a granular level with Storyblok. This allows you to have more control over your workflow as your team increases in size and variety of roles. For instance, you can have an “English Author” role that only has access to content in the English language, and they will not be able to accidentally publish in any other language.
General
Besides their role of Editor, there is no pre-defined set of permissions you have to use-- you have the freedom to define the level of access for each role depending on your needs.
| Type | What it involves |
|---|---|
| Content & Editor | deals with reading, saving, and publishing content. This category involves allowing a user to deploy to pipelines, or grants access to an image or visual editor. As for Stories, this allows moving a story or changing the slug of the story. The Admin can also allow a user to hide content or folders. |
| Tags | the management of tags: creating, updating, and deleting |
| Datasources | allowing the editing of datasource keys and values |
| eCommerce app | granting the user access to the eCommerce app |
| Task app | granting the user access to the Task app |
Content
For these permissions, if nothing is specified, the user has access/rights to edit, view, or deploy.
| Type | What it involves |
|---|---|
| Languages | access to specific languages, i.e., restricting a user’s access to content in English, Spanish, French, etc. |
| Pipelines | restricts access to specific pipelines that this particular role can deploy to |
| Folder/content item | restricts access to specific folders/content |
Blocks
Blocks permissions involve granting access to edit specific blocks. Admin is also able to hide certain blocks from specified user Roles.
Datasources
The Datasources category involves permissions to access the key-value pairs within datasources.
Assets
The Assets category involves permissions to access editing and uploading to certain asset folders.
How to create roles
On the left-hand navigation, select {1} Settings, then select {2} Roles and click the {3} Add new role button.
)
Type in a {1} name for the role and {2} select your permissions.
Select {3} Save when you are finished.
Adding {4} a short description is optional.
Add {5} if you want to create a role for an SSO user.
)
Creating SSO user role
To create a role for a Single Sign-On (SSO), navigate to the roles tab in settings and click on the checkbox for SSO {1}
click the checkbox {1} to indicate this is an SSO role. Next, add the SSO user ID user {2} and click on any checkbox for the default admin {3} or editor {4} user role.
)
How to change permissions
On the left-hand navigation, select {1} Settings, then select {2} Roles and click on the {3} role you would like to edit.
)
Next, under {1} Permissions, select the {2} category tab you wish to edit permissions from. {3} Select/deselect your permissions in the expandable lists.
When finished, select {4} Save.
)
Permission for read-only field access
To set a read-only permission for a field, navigate to your Blocks {1} permissions and click on the Block field permissions {2} dropdown. To make a field read-only for the selected role, click the checkbox {3} next to that field. This will prevent users with this role from editing the field's content.
)
A collaborator is a person who is an explicit member of your project. As an owner of a space, you can choose between different roles or define your own advanced rights (roles) and permissions.
/)
Roles overview
- Admin
- Space (Read*)
- Story (Create, Read, Update, Delete)
- Component (Create, Read, Update, Delete, Use, Save, Publish)
- Datasource (Create, Read, Update, Delete, Use)
- Datasource Entry (Create, Read, Update, Delete, Use)
* Is allowed to see it in the space overview - does not have access to the dashboard.
- Editor
- Space (Read*)
- Story (Create, Read, Update, Delete, Save, Publish)
- Component (Use in SideBySide Editor)
- Datasource (Read)
- Datasource Entry (Read, Update the value's, Export)
* Is allowed to see it in the space overview - does not have access to the dashboard.
- Advanced Roles
By default, with Advanced Roles, your Collaborator won't be able to do anything with your space. You can add manage rights by clicking on the permission checkboxes in your 'Settings' menu of the role.