Users and Roles

Users

Since Contentstack is an enterprise content management system, it may have many users with varying permissions working together. All the member accounts of a stack are called users in Contentstack. Depending on the permissions they have, users can be classified into five types:

  • Owner
  • Admin
  • Developer
  • Content Manager
  • User with custom permissions

View Roles to learn more about the permissions of each type of users.

Add a New User

A user, if has the required permission, can invite other users to collaborate on a stack. To add a new user, perform the following steps

  1. Hover on the 'SETTINGS’ tab and select ‘Users'. Here, you can see the list of all the existing users (collaborators) of the stack along with their details.
  2. Click on the ‘+ Invite User’ button at the top right-hand side corner of the page.
  3. In the 'Invite User' form that opens, enter the email ID(s) of the user(s) you wish to invite and share the stack with. You also need to assign a role(s) to the user(s) while sharing the stack. Read about Roles for more details.
    Invite user.png
  4. Enter a short message that goes along with the invitation (optional).
  5. Click on 'Invite'.

Once the invited user accepts the invitation, he/she can collaborate with you on the specified stack.

Tutorial Video

In this tutorial, we will invite a new user to collaborate on My News stack.

Add a New User.png

Remove a User

You can remove an existing user from the stack, if you have the required permission. To remove a user:

  1. Hover on the 'SETTINGS’ tab and select ‘Users'.
  2. Hover over the user you wish to delete and click on the ‘more options’ icon (three vertical dots) that appear on the right-hand side of the user entry.
  3. Click on Remove.

Tutorial Video

In this tutorial, we will remove an existing user from the My News stack.

Remove a User.png

Transfer Ownership

If you are the owner of a stack, you can transfer the ownership or make another user the owner of your stack in a few clicks. To achieve this, go to Settings > Stack, and click on Transfer Ownership. Enter the email address of the user you wish to transfer the stack's ownership to.

Once you click on Transfer, an email request will be sent to the specified user for accepting the ownership. As soon as the user accepts this request, he/she becomes the owner of your stack. You, then, do not have the rights to make any changes to the stack or to the content within.

Tutorial Video

In this tutorial, we will transfer the ownership of the My News stack.

Transfer Ownership.png

Roles

Instead of assigning permissions to one user at a time, you can assign permissions to a group of users with the help of roles. In other words, a role is a collection of permissions that will be applicable to all the users who are assigned this role. For example, if you create a role that has ‘Create’ and ‘Delete’ permissions on certain content types and assign this role to 20 users, all these 20 users will have ‘Create’ and ‘Delete’ permissions on the entries of these content types.

Types of roles

Contentstack provides four user roles: ‘Owner,’ ‘Admin,’ ‘Developer,’ ‘Content Manager,’ and ‘Custom Role’. Let’s understand these roles in detail.

Owner

Creating a stack in Contentstack makes you the Owner of the stack. Each stack can have only one Owner, who has complete rights to the content and settings of a stack in addition to the combined rights of a ‘Developer’ and a ‘Content Manager’. Apart from this, the Owner has the right to delete a stack as well as transfer the ownership of the stack to another user.

Admin

The Admin role has the following rights:

  • Create, update, delete, publish, unpublish entries and assets
  • Create, update, delete languages, environment, content types and custom roles
  • Invite users to and remove users from the stack
  • View audit logs and publish queue

The Admin role has more rights than a Developer and fewer than the Owner.

Admin vs Owner

An Admin cannot delete a stack. The right to delete a stack lies with the owner of the stack. This is the only difference between the Admin and the Owner.

Developer

A ‘Developer’ is a person who creates the structure of the site or defines the way content will appear on the site. Hence, this role has been assigned the following permissions:

  • View audit logs
  • Create Roles
  • Invite users
  • Create/edit/delete languages, environments, and content types
  • All the rights of a Content Manager

Admin vs Developer

The Developer can invite users to a stack and can remove only the users that he/she has invited. The Admin, however, can invite users and can remove any user from the stack.

The Developer role is editable. This means that the default rights assigned to a Developer role can be changed. On the other hand, the rights of an Admin role cannot be changed.

Note: The Developer role is editable, i.e., the default rights assigned to a Developer role can be changed.

Content Manager

A ‘Content Manager’ is a user who works with/on the content of a stack. Thus, this role has been assigned the following rights:

  • View content types
  • Create/publish entries and assets
  • View publishing queue

Note: Content Managers cannot edit content types or access stack settings. This role is editable, i.e., the default rights assigned to a Content Manager role can be changed.

Custom Role

In addition to the predefined system roles (‘Admin’, ‘Developer’, and ‘Content Manager’), you can add custom roles by defining specific permissions, and assign this role to the users of a stack.

The best part about custom roles is that you have fine-grained control over permissions. You can assign permissions at entry, field, and asset level. For example, ‘ABC’ role can READ only two entries of a content type, or EDIT only the SEO fields, or cannot READ any assets.

Refer the Create role section to learn more.

Create role

To create a new role, you should either be the stack owner or a user assigned the 'Developer' role to be able to create custom roles.

To add a new role, perform the following steps:

  1. Hover on the SETTINGS tab and select Roles. Here, you will see the list of all the existing roles of the stack.
  2. Click on + New Role to create a new custom role.
  3. Enter a suitable Name and Description for the role.
  4. Under PERMISSIONS, define the permissions that you wish to assign to the new role. You can set permissions for entries as well as assets.
    • Permissions on entries: Set permissions for all entries of a content type, or specific entries, or even specific fields. Read more about the ‘Permissions on entries’ section below for more details.
    • Permissions on assets: Set permissions on all or specific assets of the stack. Read the ‘Permissions on assets’ section below to learn more.
    • Exceptions: If you do not want the role to access data of certain entries and/or fields or any assets, you can add exceptions. Read more.
  5. Finally, allow/disallow publishing rights for environments and languages.
    • Publishing Environments: You can allow/disallow the new role to publish content to specific environments.
    • Languages: You can allow/disallow publishing rights for specific languages to users. By default, each role has publishing rights to the master language. To assign publishing rights for languages apart from the master language, select the languages to which you want the role to have publishing rights.
  6. Click Save to create the new role.

Permissions on entries

You can set permissions on entries, i.e., you can allow a new role to ‘Read’, ‘Create’, ‘Update’, ‘Publish/Unpublish’, and/or ‘Delete’ entries. The entry-/field-level permissions are categorized into three sections: ‘All Entries,’ ‘Specific Entries,’ and ‘Specific Fields.’ Let’s look at them in detail.

  • All Entries of Content Types - Set what this role can do on all entries of one or more content types. For example, you can assign the ‘READ’ permission to all entries of the 'Blog' content type.
    All Entries of Content Types.png
  • Specific Entries - Set what this role can do on specific entries of one or more content types. For example, you can assign the ‘READ’ and ‘UPDATE’ permissions to 'My First Article' and 'My Second article' entries of the 'Blog' content type.
    Specific entries.png

Permissions on assets

You can allow a new role to ‘Read,’ ‘Create,’ ‘Update,’ ‘Publish/Unpublish,’ and ‘Delete’ all or specific assets. For example, you can assign the ‘Read’ permission to ‘Image 1’ and ‘Image 2’.

Assets-level Permission.png

Exceptions

Exceptions, as the name suggests, let you add an exception to existing permissions. It enables you to define what a role CANNOT do. For example, if a role can create entries for all content types, you can set an exception by restricting it from creating entries of a particular content type. For example, CANNOT ‘Create’ entries for ‘Blog’ content type.

You can apply exceptions at both the entry and asset level. Let’s look at them in detail.

Exceptions on entries
You can disallow a new role to ‘Read,’ ‘Create,’ ‘Update,’ ‘Publish/Unpublish,’ and/or ‘Delete’ entries or fields. These exceptions are further divided into the following categories:

  • All Entries of Content Types - Set what this role CANNOT do on all entries of one or more content types. For example, the role can ‘READ’ the entries of the 'Blog' content type but cannot ‘UPDATE’ them.
    Exceptions - All Entries of Content Types.png
  • Specific Entries - Set what this role CANNOT do on specific entries of one or more content types. For example, the role can ‘Read’ all the entries of the 'Blog' content type but cannot ‘Update’ two entries: 'My First Article' and 'My Second article.'
    Exceptions - Specific Entries.png
  • Specific Fields - Set what this role CANNOT do on specific fields of one or more content types. For example, the role can ‘READ’ but cannot ‘UPDATE’ the 'Author Name' field of all entries of the 'Author' content type.
    Exceptions - Specific Fields.png

Exceptions on assets
You can disallow a new role to ‘Read’, ‘Create’, ‘Update’, ‘Publish/Unpublish’, and ‘Delete’ all or specific assets. For example, the role can ‘Read’ all assets but cannot ‘Update’ them.

Exceptions Assets.png

Tutorial Video

Let's create a new custom role, and give this role certain permissions on the News Articles content type as well as the assets associated with the content type.

How to create a Custom Role

Update a role

Only the stack owner, or a Developer (user assigned with the ‘Developer’ role) who created the role, can update a particular role.

To update a role, the stack owner or the Developer needs to perform the following steps:

  1. Hover on the SETTINGS tab and select Roles.
  2. Under the PERMISSIONS section, update the permissions that you assigned to the role. You can make changes to ‘Entry-/Field-level permissions’ and/or to ‘Asset-level permissions’. You can also make changes to the Publishing Environments, or the Languages sections.
  3. Click on Save.

Delete a role

Similar to the ‘Update role’ section, only the stack owner or a Developer (user assigned with the ‘Developer’ role) who created the role, can delete a particular role.

To delete a role, the stack owner or the Developer need to perform the following steps:

  1. Hover on the SETTINGS icon and select Roles. You will find a list of roles.
  2. Hover over the role you wish to delete and click on the ‘more options’ icon (three vertical dots) that appear on the right-hand side and select Delete.
  3. Click on ‘Delete’ again to confirm your action.

Note: The stack owner can delete all the roles.

Assign a role to a user

Only the stack owner, or a Developer (user assigned with the ‘Developer’ role) who has invited a user, can assign a particular role to that user.

To update the roles assigned to existing users, the stack owner or the Developer needs to perform the following steps:

  1. Hover on the SETTINGS icon and select Users.
  2. Click on the user whose roles you wish to update.
  3. In the Update User window, click on the Roles section and check the roles that you wish to assign.
  4. Click on Update.

You can assign roles to users when you add them. To learn how to assign a specific role to a new user, refer the ‘Add a new User’ section.

Note: The Owner can assign roles to all users of the stack.

Permissions examples

Since you can create roles with various permissions, we have listed down examples of some common scenarios.

Entry-level permissions

Scenario 1: Create a role that has all permissions to all entries of specific content types.

Example: All permissions to the 'Products' content type

To do this, follow the steps given below:

  1. Click New Role and add relevant Name and Description.
  2. Under Entries in the Permissions section, go to All Entries of Content Types and click + Add rule.
  3. Select All Permissions in the Select Permissions field.
  4. In the next field, click and select Specific Content Types.
  5. Click the Select Content Types button that appears.
  6. In the new dialog that opens, select the content types (e.g., Products) to which you want to assign the permissions. Then, click Add Content Types.
    Example - Entry-level permissions - Scenario 1.png
  7. Save the role.

Tutorial Video

Let's create a role that has all permissions to all entries of specific content types.

How to create a Custom Role


Scenario 2: Create a role that has specific permissions to all entries of specific content types.

Example: READ permission to the Products content type

  1. Click New Role and add relevant Name and Description.
  2. Under Entries in the Permissions section, go to All Entries of Content Types and click + Add rule.
  3. Select the READ permission in the Select Permissions field.
  4. In the next field, click and select Specific Content Types.
  5. Click the Select Content Types button that appears.
  6. In the new dialog that opens, select the content types (e.g., Products) to which you want to assign the permissions. Then, click Add Content Types.
    Example - Entry-level permissions - Scenario 2.png
  7. Save the role.

Tutorial Video

Let's create a role that has all permissions to all entries of all content types. But the role CANNOT read a specific entry of a content type.

How to create a Custom Role


Scenario 3: Create a role that has all permissions to all entries of all content types. But the role CANNOT read a specific entry of a content type.

Example: CANNOT READ the ‘Introducing iPhone X’ entry of the Products content type.

  1. Click New Role and add relevant Name and Description.
  2. Under Entries in the Permissions section, go to All Entries of Content Types and click + Add rule.
  3. Select All Permissions in the Select Permissions field.
  4. In the next field, select All Content Types.
  5. Scroll down and click the + Add exceptions link.
  6. Under Specific Entries, click + Add rule.
  7. Under Permissions, select Read (you will see that All Permissions will be selected by default). Then, click Select Content Type, and select a content type (e.g., Products). And finally, select the entry to which you want to restrict read access (e.g., Introducing iPhone X). Click Add Entries.
  8. Save the role.

Tutorial Video

Let's create a role that has all permissions to all entries of all content types. But the role CANNOT read a specific entry of a content type.

How to create a Custom Role

Field-level permissions

Scenario 4: Create a role that has all permissions to all entries of all content types. But the role CANNOT edit a specific field of a content type.

Example: CANNOT EDIT the Description field of the Products content type.

  1. Click New Role and add relevant Name and Description.
  2. Under Entries in the Permissions section, go to All Entries of Content Types and click + Add rule.
  3. Select All Permissions in the Select Permissions field.
  4. In the next field, select All Content Types.
  5. Scroll down and click the + Add exceptions link. Under Specific Fields, click + Add rule.
  6. Under Permissions, select Edit. Then, click Select Content Type, and select a content type (e.g., Products). And finally, select the field to which you want to restrict edit access (e.g., Description). Click Add Entries.
  7. Save the role.

Tutorial Video

Let's create a role that has all permissions to all entries of all content types. But the role CANNOT edit a specific field of a content type.

How to create a Custom Role

Asset-level permissions

Scenario 5: Create a role that has specific permissions on specific assets.

Example: READ only ‘Image 1’ and ‘Image 2’.

  1. Click New Role and add relevant Name and Description.
  2. Under Assets in the Permissions section, click + Add rule.
  3. Select the required permissions (e.g., Read) in the Select Permissions field.
  4. In the next field, select Specific Assets. Then, click the Select Assets button that appears. You can then select the assets (e.g., Image 1 and Image 2) to which you want to assign the selected permissions.
  5. Save the role.

Tutorial Video

Let's create a role that has specific permissions on specific assets.

How to create a Custom Role
Was this article helpful?

Continue Reading...

top-arrow