DEV Community

Jamie Barton for GraphCMS

Posted on

Working with Custom Roles and Permissions at GraphCMS

At some point you'll want to invite others to contribute, review or manage content, and if you're an agency or large enterprise, you'll want to enable advanced permissions such as schema editing and environments across the development team.

That's why at GraphCMS we have a set of default roles available for you to use, and even the ability to create your own custom roles for ultimate granularity within your use case.

The default roles available are;

  • Contributor: Ability to create and update content.
  • Editor: Everything Contributor can do and delete content.
  • Developer: Can do everything Editor can, and create, update and delete models/enums.
  • Admin: Can do everything a Developer can, and manage teams, create and update projects.
  • Owner: Can do everything Admin can, and change billing and delete projects.

Once you're ready to invite a user, head your project settings and choose "Members" from the sidebar. It's here you can manage your team, custom roles and pending invites.

Let's go ahead and invite someone to our team...

Invite new user

All that's needed is an email and a role...

Invite user dialog

That's it! The invitee will then receive an email with a link to accept the invitation, and if the user is already a GraphCMS user, they will be able to see this project and their own in their project select screen after sign-in.

ย Custom roles

But what about custom roles I hear you ask...

Well we've made it just as easy to create a custom role.

Custom roles list

Once you click + Create New, you'll be presented with a form to give the custom role a Name, Description and permissions picker.

To speed things up, you can copy permissions from another default or custom role, and then fine tune. Otherwise you can go ahead and select the required permissions.

For this example, we'll create a new custom role for API Access Commander. The purpose of this role is to only allow users of this role to create, read, update and deleting Permanent Auth Tokens, as well as Read stages and Read existing environments.

Create a Custom Role dialog

Now if I go ahead and invite a new user using the API Access Commander role, they'll be limited in what they can do once logged in!

Invite API Access Commander dialog

๐Ÿ“Œ Don't forget to add Read stages and Read existing environments to the accepted permissions.

That's it! When the invited user logs in they'll notice a restricted sidebar.

GraphCMS sidebar

Discussion (0)