Create a Role | Classic

Only the stack owner, admins and users assigned “Developer” roles have the right to create a role in the stack.

To create a role, log in to your Contentstack account, and perform the following steps:

  1. Go to your stack, navigate to the “Settings” gear icon, and select Roles. Here, you will see the list of existing roles of the stack.
  2. Click on the + New Role button located at the top right corner of the Roles page.
  3. Enter a suitable Name and Description for the role.
  4. Under PERMISSIONS, define the permissions that you want to assign to the new role. You can set permissions on entries, assets, and asset folders.
    1. Permissions on entries: Set permissions for all entries of all/specific content types, or specific entries, or even specific fields. Refer to the “Permissions on entries” section to learn how you can use this permission.
    2. Permissions on assets: Set permissions on all/specific assets, or on specific assets’ folder. Refer to the “Permissions on assets” section to learn how you can use this permission.
    3. Exceptions: If you do not want any role to access data of certain entries and/or fields, or any assets, you can add exceptions.
  5. Under Publishing Environments, set on which environment(s) the role can publish content.
    Publishing_Environments.png

    Note: Once you set the environment-related permissions, the user role will be able to publish all language variants of entries in the stack to the selected environments.

  6. Under Languages, define the language-related permissions you want to assign to the role.
    1. Permissions on languages: Set the language(s) to which the role should have access.
      Permissions_on_Languages_Classic.png
      You can also restrict access for a specific role to the master language. To understand how language-specific restrictions affect a user's entry access permissions, refer to the Language-Specific Restrictions on Entries Scenarios section.

      Warning: If you deselect the master language, then any unlocalized language entry that inherits content from the master language will not be accessible.


      Restrict_Master_Language_Access_Classic.png
    2. Exceptions: If you do not want any role to access data of certain language variants of entries in the stack, you can add exceptions. Refer to the Exceptions on Languages section to learn how to add language-related exceptions.
  7. Click Save to create the new role.

Permissions on Entries

You can set permissions on entries, i.e., you can allow a new role to “Read,” “Create,” “Update,” “Publish/Unpublish,” and/or “Delete” entries. The entry-/field-level permissions are categorized into three sections: “All Entries,” “Specific Entries,” and “Specific Fields.” Let’s look at them in detail.

  • All Entries of Content Types - Set what this role can do on all entries of one or more content types. For example, you can assign the "READ" permission to all entries of the "Blog" content type.
    All Entries of Content Types.png
  • Specific Entries - Set what this role can do on specific entries of one or more content types. For example, you can assign the "READ" and "UPDATE" permissions to "My First Article" and "My Second article" entries of the "Blog" content type.
    Specific entries.png
  • Specific Fields - Set what this role CANNOT do on specific fields of specific entries. You can apply these settings via the +Add Exceptions button when assigning Exceptions on Entries.

Permissions on Assets

You can create a custom user role that has permissions such as "Read," "Update," "Publish/Unpublish," and "Delete" on all or specific assets and asset folders.

The asset-level permissions are categorized into three sections: "All Assets and Folders," "Specific asset(s)," and "Specific Folder(s)." Let us look at them in detail.

  • All Assets and Folders: Set what a user role can do on all assets and folders of a stack. For example, you can create a user role with "Read" permission on all the assets and asset folders of your stack.
    all assets and asset folders
  • Specific Asset(s): Set what a user role can do on specific assets of a stack. For example, you can create a user role with "Publish" permission on "Image 1" and "Image 2" of your stack.
    specific assets
  • Specific Folder(s): Set what a user role can do on specific folders of a stack. All the individual assets and subfolders within that specific folder will have the same permissions.

    For example, you can create a user role with "Read" permission on the "Marketing Images" asset folder and "Publish" permission on the "InDesign Images" folder. The user role can access all the assets/subfolders within "Marketing Images" and "InDesign Images" with "Read" and "Publish" permissions, respectively.
    specific folders

Permissions on Languages

You can set permissions on language variants of entries, i.e., you can allow a new role to “Read,” “Create,” “Update” and/or “Delete” specific language versions of an entry. The language permissions are categorized into two sections: “All Languages” and “Specific Languages.” Let’s look at them in detail.

  • All Languages of the Stack: Set what this role can do on all language variants of an entry of the stack. For example, you can provide permission to all the language variants of entries in the stack, such as English (United States), French (France), Japanese (Japan) and Spanish (Spain).
    Permissions_on_Languages_Classic.png
  • Specific Language(s) of the Stack: Set what this role can do on specific language variants of an entry of the stack. For example, you can provide permission to only the “French” and “Spanish” language variants of entries in the stack.Restrict_Master_Language_Access_Classic.png

Exceptions

Exceptions, as the name suggests, let you add an exception to existing permissions. It enables you to define what a role CANNOT do. For example, if a role can create entries for all content types, you can set an exception by restricting it from creating entries of a particular content type. For example, CANNOT "Create" entries for "Blog" content type.

You can apply exceptions at both the entry and asset level. Let’s look at them in detail.

Exceptions on Entries

You can disallow a new role to "Read," "Create," "Update," "Publish/Unpublish," and/or "Delete" entries or fields. These exceptions are further divided into the following categories:

  • All Entries of Content Types - Set what this role CANNOT do on all entries of one or more content types. For example, the role can "READ" the entries of the "Blog" content type but cannot "UPDATE" them.
    Exceptions - All Entries of Content Types.png
  • Specific Entries - Set what this role CANNOT do on specific entries of one or more content types. For example, the role can "Read" all the entries of the "Blog" content type but cannot "Update" two entries: "My First Article" and "My Second article."
    Exceptions - Specific Entries.png
  • Specific Fields - Set what this role CANNOT do on specific fields of one or more content types. For example, the role can "READ" but cannot "UPDATE" the "Author Name" field of all entries of the "Author" content type.
    Exceptions - Specific Fields.png

Exceptions on Assets

You can disallow a new role to "Read," "Create," "Update," "Publish/Unpublish," and "Delete" all or specific assets and asset folders. For example, the role can "Read" all assets and asset folders, but cannot "Publish" them.

These exceptions are further divided into the following categories:

  • All Assets and Folders: Set what this role CANNOT do on all assets and folders of a stack. For example, the role can "Read" all the assets and folders of a stack, but cannot "Update" them.
    exception on all the asset and asset folders
  • Specific Asset(s): Set what this role CANNOT do on specific assets of a stack. For example, the role can "Read" all the assets of a stack but cannot "Publish" the "Image1" asset of the stack.
    exceptions on specific assets
  • Specific Folder(s): Set what this role CANNOT do on specific folders of a stack. For example, the role can "Read" all the folders of a stack but cannot "Update" two folders: "Marketing Blogs" and "Sales Blogs." By default, the user cannot "Update" all the assets and/or subfolders within the "Marketing Blogs" and "Sales Blogs" folders.
    exceptions on specific folders

Exceptions on Languages

You can disallow a new role to "Create," "Update," and/or "Delete" entries localized in the selected languages. For example, restrict a role from being able to "Create," "Update," or "Delete" entries localized in English (United States) or French (France).

These exceptions are further divided into the following categories:

  • All Languages: Set what this role CANNOT do on all language variants of all entries in the stack. For example, the role can "READ" the entries present in all languages but cannot "UPDATE" them.
    Specific_Language_Permissions_Exception_Classic.png
  • Specific Languages(s): Set what this role CANNOT do on specific language variants of all entries in the stack. For example, the role can "Read" all the English (United States) versions of entries of the stack but cannot "Update" them.
    Specific_Language-related_Permissions_Classic.png

Tutorial Video

Let's create a new custom role, and give this role certain permissions on the News Articles content type as well as the assets associated with the content type.

API Reference

To perform the create action via API request, refer to the Create a Role API request.

Was this article helpful?

Thanks for your feedbackSmile-icon

On This Page

^