Create a custom role

Space administrators can create custom roles in the web app, under Settings > Roles & Permissions.

NOTE: Custom roles are only available on Premium/Enterprise plans. For more details, organization owners and admins can check their subscription plan.

Roles and Permissions Screen

How to create a custom role

To create a custom role:

  1. In the upper right corner, click Settings and select Roles & Permissions.

Create a new role

2. Click Create a new role. The "Role detail" page is displayed.

3. Give the role a relevant name and description. 

Custom roles Create a new role page

4. Navigate to the "Content" tab where you can define which content the new role can access.

NOTE: By default, actions are denied. You must explicitly grant permission to actions you want a role to have.

5. Click New allow rule. A row of drop-down menus are displayed to help refine the permission.

6. Select the actions, entries and content types this user role can access.

Allow rule permissions

7. You can also specify which type of content the role cannot access. Click New deny rule. A row of drop-down menus are displayed to help refine the permission.

Custom roles New deny rule

8. Select the actions, entries and content types this user role cannot access.

9. Navigate to the "Media tab" where you can define which media the new role can access.

10. Click New allow rule. A row of drop-down menus are displayed to help refine the permission.

Custom roles New allow rule for media

NOTE: You can also specify which media the role cannot access by clicking New deny rule.

11. Navigate to the "Environments" tab and select which environments the role can access.

Custom roles Environments

12. Navigate to the "Permissions" tab to further configure the permissions for this role.

13. When you are done configuring the role permissions, click Save changes.

Custom roles Save changes

14. The new role is created and displayed on the "Roles & permissions" page.

Role tester 

The role tester functionality allows admins to test and troubleshoot the roles within their organization. Once entering the details, admins can view the rules that apply to roles with an allowing or denying action result.  

custom roles-role tester

To use the role tester functionality:

  1. In the upper right corner, click Settings and select “Roles & Permissions.”

  2. Navigate to the "Content" tab to view the role tester in the right column. 

  3. Test a role by selecting a name from the drop-down, the action and the entry for that role. 

  4. Click Check action to view the rule results of that specific role and entry. 

NOTE: You can only run the role tester functionality with entries located in the master environment. You cannot test assets or workflow permissions with the role tester functionality.

Custom role examples

Proofreader

When creating a Proofreader role, we want to have the following requirements: 

  • A Proofreader can read any entry that is a Product.

  • A Proofreader can edit the “Product name” field of any entry that is a Product, regardless of locale.

  • A Proofreader can edit the “Description” field of any entry that is a Product, regardless of locale.

NOTE: Actions are denied by default. You must explicitly grant permission to actions you want a role to have. In our example, this includes the ability to read entries where edit permissions are granted.

Putting these requirements into the role configuration looks like this:

ActionWhich entriesContent typeFieldLocale
ReadAny entryProduct
EditAny entryProductProduct nameAll locales
EditAny entryProductDescriptionAll locales

Translator

When creating a Translator role, we want to have the following requirements:

  • A Translator can read any entry that is a Product.

  • A Translator can edit any entry in a selected locale.

Putting these requirements into the role configuration looks like this:

ActionWhich entries Content typeFieldLocale
Read Any entryAll content typesAll Fields All locales
Edit Any entryAll content typesAll Fields Single locale For example: Japanese (ja)
Translator role configuration

NOTES:

You can create additional translator roles by duplicating the predefined Translator role, if your plan allows it.

The role name must start with the word “Translator”, with a capital T. After saving the role, the language can be switched to the dedicated locale.

The Translator role can edit fields in any locale OR a single-selected locale.

Only the Edit action can be limited to a specific locale. Every Translator role will always have reading rights to all locales.

To make the editing experience easier for translators, select Single locale in the entry editor translations side bar.

Select Multiple locales

Assign existing users to roles

After creating the custom role, the next step to enabling field-level permissions is to assign users to the role. If you want to assign a user to a role who is not currently part of your organization, see inviting new users.

To assign an existing user to a role:

  1. In the upper right corner, click Settings and select Roles & Permissions.

    Roles and Permissions Screen
  2. Under the "Members" column, click the link indicating the number of members for the role you want to assign. The Users management page is displayed.

    Custom roles User management

  3. Click Add users to bring up the list of users for the organization.

    Custom roles Add users

  4. Select one or more users and click Assign roles to users.

    Roles and Permissions: Add users to space
  5. Select the role that should be assigned to the user and click Add selected users.

Roles and Permissions: Assign user to role

The user will receive an invitation to the space and will be displayed on the "Users" page with the assigned role.