Help Center / Roles / Space roles / Create a custom role

Create a custom role

Space administrators can create custom roles in the web app, under Settings > Roles & Permissions.

NOTE: Custom roles are only available on Premium plans. For more details, organization owners and admins can check their subscription plan.

Roles and Permissions Screen

How to create a custom role

To create a custom role:

  1. Click Settings and select Roles & Permissions.

2. Click Create a new role. The "Role detail" page is displayed.

Create a new role

3. Give the role a relevant name and description. 

Custom roles Create a new role page

4. Navigate to the "Content" tab, where you can define which content the new role can access.

The Content tab of a custom role

NOTE: Actions are denied by default. You must explicitly grant permission to actions you want a role to have.

5. Click New allow rule. A row of drop-down menus is displayed to help refine the permissions.

6. Select the actions, entries, and content types this user role can access.

Allow rule permissions

7. You can also specify which type of content the role cannot access. Click New deny rule. A row of drop-down menus is displayed to help refine the permissions.

8. Select the actions, entries, and content types this user role cannot access.

Custom roles New deny rule

9. Navigate to the "Media" tab, where you can define which media the new role can access.

Custom roles Media tab

10. Click New allow rule. A row of drop-down menus is displayed to help refine the permissions.

NOTE: You can also specify which media the role cannot access by clicking New deny rule.

11. Navigate to the "Environments" tab and select which environments the role can access. You can limit access to the master environment only, give access to selected environments for more control, or allow access to all environments.

Custom roles Environments

12. Navigate to the "Permissions" tab to further configure the permissions for this role at space level.

Custom roles Permissions tab

13. When you are done configuring the role permissions, click Save changes. The new role is created and displayed on the "Roles & permissions" page.

Role tester 

The role tester functionality allows admins to test and troubleshoot the roles within their organization. Once entering the details, admins can view the rules that apply to roles with an allowing or denying action result.  

To use the role tester functionality:

  1. Click Settings, and select “Roles & permissions.”

  2. Navigate to the "Content" tab to view the role tester in the right column. 

    custom roles-role tester

  3. Test a role by selecting a name from the drop-down, the action, and the entry for that role. 

  4. Click Check action to view the rule results of that specific role and entry. 

NOTE: You can only run the role tester functionality with entries located in the master environment. You cannot test assets or workflow permissions with the role tester functionality.

Custom role examples

Proofreader

When creating a Proofreader role, we want to have the following requirements: 

  • A Proofreader can read any entry that is a Product.

  • A Proofreader can edit the “Product name” field of any entry that is a Product, regardless of locale.

  • A Proofreader can edit the “Description” field of any entry that is a Product, regardless of locale.

NOTE: Actions are denied by default. You must explicitly grant permission to actions you want a role to have. In our example, this includes the ability to read entries where edit permissions are granted.

Putting these requirements into the role configuration looks like this:

ActionWhich entriesContent typeFieldLocale
ReadAny entryProduct
EditAny entryProductProduct nameAll locales
EditAny entryProductDescriptionAll locales

Translator

When creating a Translator role, we want to have the following requirements:

  • A Translator can read any entry that is a Product.

  • A Translator can edit any entry in a selected locale.

Putting these requirements into the role configuration looks like this:

ActionWhich entries Content typeFieldLocale
Read Any entryAll content typesAll Fields All locales
Edit Any entryAll content typesAll Fields Single locale For example: Japanese (ja)
Translator role configuration

NOTES:

  • You can create additional translator roles by duplicating the predefined Translator role, if your plan allows it.

  • The role name must start with the word “Translator”, with a capital T. After saving the role, the language can be switched to the dedicated locale.

  • The Translator role can edit fields in any locale OR a single-selected locale.

  • Only the Edit action can be limited to a specific locale. Every Translator role will always have reading rights for all locales.

To make the editing experience easier for translators, select Single locale in the entry editor translations sidebar.

Select Multiple locales

Assign existing users to roles

After creating the custom role, the next step to enabling field-level permissions is to assign users to the role. If you want to assign a role to a user that's not currently part of your organization, see inviting new users.

To assign an existing user to a role:

  1. Click Settings, and select "Roles & permissions".

    Roles and Permissions Screen

  2. Under the "Members" column, click the link indicating the number of members for the role you want to assign. The Users management page is displayed.

    Custom roles User management

  3. Click Add users to bring up the list of users for the organization.

    Custom roles Add users

  4. Select one or more users and click Assign roles to users.

    Roles and Permissions: Add users to space

  5. Select the role that should be assigned to the user and click Add selected users.

Roles and Permissions: Assign user to role

The user will receive an invitation to the space and will be displayed on the "Users" page with the assigned role.