Sorry, no results found for "".
When creating roles you can pass a number of project-wide permissions, plus more granular permissions on models and build triggers.
For models you can specify the action that can be done, on which models and on records created by who.
The actions that can be performed are:
all
: everythingread
: read-onlyupdate
: update records, to be used together with read
if you want to be able to read and updatecreate
: create new recordsdelete
: delete recordspublish
: mark a record as publishededit_creator
: change the creator of a recordtake_over
: when two people are working on the same record, you can take over the control of the recordThen you should specify the models on which the actions should be performed.
Finally you have the option to specify if you can perform the allowed actions on records created by:
anyone
: meaning every recordself
: only on records created by the userrole
: only on records created by users with the same roleThe resulting object should look something like this:
The name of the role
"Editor"
Can edit favicon, global SEO settings and no-index policy
Can change project global properties
Can create/edit models and plugins
Can customize content navigation bar
Can change locales, timezone and UI theme
Can promote environments to primary and manage maintenance mode
Specifies the environments the user can access
"primary_only"
Can access all environments
Can access primary environment only
Can access sandbox environments only
Can create/edit roles and invite/remove collaborators
Can create/edit shared filters (both for models and the media area)
Can create/edit upload collections
Can create/edit Build triggers
Can create/edit webhooks
Can create/delete sandbox environments and promote them to primary environment
Can manage Single Sign-On settings
Can access Audit Log
Can create/edit workflows
Can manage API tokens
Can perform Site Search API calls
Can access the build events log
Allowed actions on a model (or all) for a role
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted action
"all"
Permitted creator
"self"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale
must be defined)
Non-localized content
Permitted localized content in this locale. Required when localization_scope
is localized
"en"
Prohibited actions on a model (or all) for a role
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted action
"all"
Permitted creator
"self"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale
must be defined)
Non-localized content
Permitted localized content in this locale. Required when localization_scope
is localized
"en"
Allowed actions on a model (or all) for a role
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"self"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Localized content in specific locale (locale
must be defined)
Non-localized content
Permitted localized content in this locale. Required when localization_scope
is localized
"en"
Prohibited actions on a model (or all) for a role
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"self"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Localized content in specific locale (locale
must be defined)
Non-localized content
Permitted localized content in this locale. Required when localization_scope
is localized
"en"
Allowed build triggers for a role
Prohibited build triggers for a role
The final set of permissions considering also inherited roles
Can change project global properties
Can edit favicon, global SEO settings and no-index policy
Can create/edit models and plugins
Can customize content navigation bar
Can create/edit roles and invite/remove collaborators
Can create/delete sandbox environments and promote them to primary environment
Can create/edit webhooks
Specifies the environments the user can access
"primary_only"
Can access all environments
Can access primary environment only
Can access sandbox environments only
Can manage Single Sign-On settings
Can access Audit Log
Can create/edit workflows
Can change locales, timezone and UI theme
Can promote environments to primary and manage maintenance mode
Can create/edit shared filters (both for models and the media area)
Can create/edit Build triggers
Can create/edit upload collections
Can manage API tokens
Can perform Site Search API calls
Can access the build events log
Allowed actions on a model (or all) for a role
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted action
"all"
Permitted creator
"self"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale
must be defined)
Non-localized content
Permitted localized content in this locale. Required when localization_scope
is localized
"en"
Prohibited actions on a model (or all) for a role
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted action
"all"
Permitted creator
"self"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale
must be defined)
Non-localized content
Permitted localized content in this locale. Required when localization_scope
is localized
"en"
Allowed actions on a model (or all) for a role
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"self"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Localized content in specific locale (locale
must be defined)
Non-localized content
Permitted localized content in this locale. Required when localization_scope
is localized
"en"
Prohibited actions on a model (or all) for a role
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"self"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Localized content in specific locale (locale
must be defined)
Non-localized content
Permitted localized content in this locale. Required when localization_scope
is localized
"en"
Allowed build triggers for a role
Prohibited build triggers for a role
The roles from which this role inherits permissions
Returns a resource object of type role
import { buildClient } from "@datocms/cma-client-node";
async function run() { const client = buildClient({ apiToken: process.env.DATOCMS_API_TOKEN });
const role = await client.roles.create({ name: "Editor" });
// Check the 'Returned output' tab for the result ☝️ console.log(role);}
run();
{ id: "34", name: "Editor", can_edit_site: true, can_edit_favicon: true, can_edit_schema: true, can_manage_menu: true, can_manage_users: true, can_manage_shared_filters: true, can_manage_upload_collections: true, can_manage_environments: true, can_manage_webhooks: true, environments_access: "primary_only", can_manage_sso: true, can_access_audit_log: true, can_manage_workflows: true, can_edit_environment: true, can_promote_environments: true, can_manage_build_triggers: true, can_manage_access_tokens: true, can_perform_site_search: true, can_access_build_events_log: true, positive_item_type_permissions: [{ environment: "main", action: "all" }], negative_item_type_permissions: [{ environment: "main", action: "all" }], positive_upload_permissions: [{ action: "all", environment: "main" }], negative_upload_permissions: [{ action: "all", environment: "main" }], positive_build_trigger_permissions: [{}], negative_build_trigger_permissions: [{}], meta: { final_permissions: { can_edit_site: true, can_edit_favicon: true, can_edit_schema: true, can_manage_menu: true, can_manage_users: true, can_manage_environments: true, can_manage_webhooks: true, environments_access: "primary_only", can_manage_sso: true, can_access_audit_log: true, can_manage_workflows: true, can_edit_environment: true, can_promote_environments: true, can_manage_shared_filters: true, can_manage_build_triggers: true, can_manage_upload_collections: true, can_manage_access_tokens: true, can_perform_site_search: true, can_access_build_events_log: true, positive_item_type_permissions: [{ environment: "main", action: "all" }], negative_item_type_permissions: [{ environment: "main", action: "all" }], positive_upload_permissions: [{ action: "all", environment: "main" }], negative_upload_permissions: [{ action: "all", environment: "main" }], positive_build_trigger_permissions: [{}], negative_build_trigger_permissions: [{}], }, }, inherits_permissions_from: [{ type: "role", id: "34" }],}