Sorry, no results found for "".

Show examples in:
Javascript HTTP
Endpoint info
Available examples

Content Management API > Role

Create a new role

When creating roles you can pass a number of project-wide permissions, plus more granular permissions on models and build triggers.

For models you can specify the action that can be done, on which models and on records created by who.

The actions that can be performed are:

  • all: everything
  • read: read-only
  • update: update records, to be used together with read if you want to be able to read and update
  • create: create new records
  • delete: delete records
  • publish: mark a record as published
  • edit_creator: change the creator of a record
  • take_over: when two people are working on the same record, you can take over the control of the record

Then you should specify the models on which the actions should be performed.

Finally you have the option to specify if you can perform the allowed actions on records created by:

  • anyone: meaning every record
  • self: only on records created by the user
  • role: only on records created by users with the same role

The resulting object should look something like this:

{
action: 'all',
item_type: { type: 'item_type', id: '44' },
onCreator: 'self'
}

Body parameters

name string Required

The name of the role

Example: "Editor"
can_edit_favicon boolean Optional

Can edit favicon, global SEO settings and no-index policy

can_edit_site boolean Optional

Can change project global properties

can_edit_schema boolean Optional

Can create/edit models and plugins

can_manage_menu boolean Optional

Can customize content navigation bar

can_edit_environment boolean Optional

Can change locales, timezone and UI theme

can_promote_environments boolean Optional

Can promote environments to primary and manage maintenance mode

environments_access enum Optional

Specifies the environments the user can access

Example: "primary_only"
all Optional

Can access all environments

primary_only Optional

Can access primary environment only

sandbox_only Optional

Can access sandbox environments only

can_manage_users boolean Optional

Can create/edit roles and invite/remove collaborators

can_manage_shared_filters boolean Optional

Can create/edit shared filters (both for models and the media area)

can_manage_upload_collections boolean Optional

Can create/edit upload collections

can_manage_build_triggers boolean Optional

Can create/edit Build triggers

can_manage_webhooks boolean Optional

Can create/edit webhooks

can_manage_environments boolean Optional

Can create/delete sandbox environments and promote them to primary environment

can_manage_sso boolean Optional

Can manage Single Sign-On settings

can_access_audit_log boolean Optional

Can access Audit Log

can_manage_workflows boolean Optional

Can create/edit workflows

can_manage_access_tokens boolean Optional

Can manage API tokens

can_perform_site_search boolean Optional

Can perform Site Search API calls

can_access_build_events_log boolean Optional

Can access the build events log

positive_item_type_permissions Optional

Allowed actions on a model (or all) for a role

Type: Array<object>
environment string Required

ID of environment. Can only contain lowercase letters, numbers and dashes

Example: "main"
action enum Required

Permitted action

Example: "all"
all Optional
read Optional
update Optional
create Optional
duplicate Optional
delete Optional
publish Optional
edit_creator Optional
take_over Optional
move_to_stage Optional
item_type undefined Optional
workflow undefined Optional
on_stage null, string Optional
to_stage null, string Optional
on_creator enum, null Optional

Permitted creator

Example: "self"
anyone Optional

Created by anyone

self Optional

Created by the user itself

role Optional

Created by a user with the same role

localization_scope enum, null Optional

Permitted content scope

Example: "all"
all Optional

Any content (localized/unlocalized)

localized Optional

Content under a specific locale (locale must be defined)

not_localized Optional

Non-localized content

locale string, null Optional

Permitted localized content in this locale. Required when localization_scope is localized

Example: "en"
negative_item_type_permissions Optional

Prohibited actions on a model (or all) for a role

Type: Array<object>
environment string Required

ID of environment. Can only contain lowercase letters, numbers and dashes

Example: "main"
action enum Required

Permitted action

Example: "all"
all Optional
read Optional
update Optional
create Optional
duplicate Optional
delete Optional
publish Optional
edit_creator Optional
take_over Optional
move_to_stage Optional
item_type undefined Optional
workflow undefined Optional
on_stage null, string Optional
to_stage null, string Optional
on_creator enum, null Optional

Permitted creator

Example: "self"
anyone Optional

Created by anyone

self Optional

Created by the user itself

role Optional

Created by a user with the same role

localization_scope enum, null Optional

Permitted content scope

Example: "all"
all Optional

Any content (localized/unlocalized)

localized Optional

Content under a specific locale (locale must be defined)

not_localized Optional

Non-localized content

locale string, null Optional

Permitted localized content in this locale. Required when localization_scope is localized

Example: "en"
positive_upload_permissions Optional

Allowed actions on a model (or all) for a role

Type: Array<object>
action enum Required

Permitted action

Example: "all"
all Optional
read Optional
update Optional
create Optional
delete Optional
edit_creator Optional
replace_asset Optional
environment string Required

ID of environment. Can only contain lowercase letters, numbers and dashes

Example: "main"
on_creator enum, null Optional

Permitted creator

Example: "self"
anyone Optional

Created by anyone

self Optional

Created by the user itself

role Optional

Created by a user with the same role

localization_scope enum, null Optional

Permitted content scope

Example: "all"
all Optional

Any content (localized/unlocalized)

localized Optional

Localized content in specific locale (locale must be defined)

not_localized Optional

Non-localized content

locale string, null Optional

Permitted localized content in this locale. Required when localization_scope is localized

Example: "en"
negative_upload_permissions Optional

Prohibited actions on a model (or all) for a role

Type: Array<object>
action enum Required

Permitted action

Example: "all"
all Optional
read Optional
update Optional
create Optional
delete Optional
edit_creator Optional
replace_asset Optional
environment string Required

ID of environment. Can only contain lowercase letters, numbers and dashes

Example: "main"
on_creator enum, null Optional

Permitted creator

Example: "self"
anyone Optional

Created by anyone

self Optional

Created by the user itself

role Optional

Created by a user with the same role

localization_scope enum, null Optional

Permitted content scope

Example: "all"
all Optional

Any content (localized/unlocalized)

localized Optional

Localized content in specific locale (locale must be defined)

not_localized Optional

Non-localized content

locale string, null Optional

Permitted localized content in this locale. Required when localization_scope is localized

Example: "en"
positive_build_trigger_permissions Optional

Allowed build triggers for a role

Type: Array<object>
build_trigger undefined Optional
negative_build_trigger_permissions Optional

Prohibited build triggers for a role

Type: Array<object>
build_trigger undefined Optional
meta.final_permissions object Required

The final set of permissions considering also inherited roles

can_edit_site boolean Required

Can change project global properties

can_edit_favicon boolean Required

Can edit favicon, global SEO settings and no-index policy

can_edit_schema boolean Required

Can create/edit models and plugins

can_manage_menu boolean Required

Can customize content navigation bar

can_manage_users boolean Required

Can create/edit roles and invite/remove collaborators

can_manage_environments boolean Required

Can create/delete sandbox environments and promote them to primary environment

can_manage_webhooks boolean Required

Can create/edit webhooks

environments_access enum Required

Specifies the environments the user can access

Example: "primary_only"
all Optional

Can access all environments

primary_only Optional

Can access primary environment only

sandbox_only Optional

Can access sandbox environments only

can_manage_sso boolean Required

Can manage Single Sign-On settings

can_access_audit_log boolean Required

Can access Audit Log

can_manage_workflows boolean Required

Can create/edit workflows

can_edit_environment boolean Required

Can change locales, timezone and UI theme

can_promote_environments boolean Required

Can promote environments to primary and manage maintenance mode

can_manage_shared_filters boolean Required

Can create/edit shared filters (both for models and the media area)

can_manage_build_triggers boolean Required

Can create/edit Build triggers

can_manage_upload_collections boolean Required

Can create/edit upload collections

can_manage_access_tokens boolean Required

Can manage API tokens

can_perform_site_search boolean Required

Can perform Site Search API calls

can_access_build_events_log boolean Required

Can access the build events log

positive_item_type_permissions Required

Allowed actions on a model (or all) for a role

Type: Array<object>
environment string Required

ID of environment. Can only contain lowercase letters, numbers and dashes

Example: "main"
action enum Required

Permitted action

Example: "all"
all Optional
read Optional
update Optional
create Optional
duplicate Optional
delete Optional
publish Optional
edit_creator Optional
take_over Optional
move_to_stage Optional
item_type undefined Optional
workflow undefined Optional
on_stage null, string Optional
to_stage null, string Optional
on_creator enum, null Optional

Permitted creator

Example: "self"
anyone Optional

Created by anyone

self Optional

Created by the user itself

role Optional

Created by a user with the same role

localization_scope enum, null Optional

Permitted content scope

Example: "all"
all Optional

Any content (localized/unlocalized)

localized Optional

Content under a specific locale (locale must be defined)

not_localized Optional

Non-localized content

locale string, null Optional

Permitted localized content in this locale. Required when localization_scope is localized

Example: "en"
negative_item_type_permissions Required

Prohibited actions on a model (or all) for a role

Type: Array<object>
environment string Required

ID of environment. Can only contain lowercase letters, numbers and dashes

Example: "main"
action enum Required

Permitted action

Example: "all"
all Optional
read Optional
update Optional
create Optional
duplicate Optional
delete Optional
publish Optional
edit_creator Optional
take_over Optional
move_to_stage Optional
item_type undefined Optional
workflow undefined Optional
on_stage null, string Optional
to_stage null, string Optional
on_creator enum, null Optional

Permitted creator

Example: "self"
anyone Optional

Created by anyone

self Optional

Created by the user itself

role Optional

Created by a user with the same role

localization_scope enum, null Optional

Permitted content scope

Example: "all"
all Optional

Any content (localized/unlocalized)

localized Optional

Content under a specific locale (locale must be defined)

not_localized Optional

Non-localized content

locale string, null Optional

Permitted localized content in this locale. Required when localization_scope is localized

Example: "en"
positive_upload_permissions Required

Allowed actions on a model (or all) for a role

Type: Array<object>
action enum Required

Permitted action

Example: "all"
all Optional
read Optional
update Optional
create Optional
delete Optional
edit_creator Optional
replace_asset Optional
environment string Required

ID of environment. Can only contain lowercase letters, numbers and dashes

Example: "main"
on_creator enum, null Optional

Permitted creator

Example: "self"
anyone Optional

Created by anyone

self Optional

Created by the user itself

role Optional

Created by a user with the same role

localization_scope enum, null Optional

Permitted content scope

Example: "all"
all Optional

Any content (localized/unlocalized)

localized Optional

Localized content in specific locale (locale must be defined)

not_localized Optional

Non-localized content

locale string, null Optional

Permitted localized content in this locale. Required when localization_scope is localized

Example: "en"
negative_upload_permissions Required

Prohibited actions on a model (or all) for a role

Type: Array<object>
action enum Required

Permitted action

Example: "all"
all Optional
read Optional
update Optional
create Optional
delete Optional
edit_creator Optional
replace_asset Optional
environment string Required

ID of environment. Can only contain lowercase letters, numbers and dashes

Example: "main"
on_creator enum, null Optional

Permitted creator

Example: "self"
anyone Optional

Created by anyone

self Optional

Created by the user itself

role Optional

Created by a user with the same role

localization_scope enum, null Optional

Permitted content scope

Example: "all"
all Optional

Any content (localized/unlocalized)

localized Optional

Localized content in specific locale (locale must be defined)

not_localized Optional

Non-localized content

locale string, null Optional

Permitted localized content in this locale. Required when localization_scope is localized

Example: "en"
positive_build_trigger_permissions Required

Allowed build triggers for a role

Type: Array<object>
build_trigger undefined Optional
negative_build_trigger_permissions Required

Prohibited build triggers for a role

Type: Array<object>
build_trigger undefined Optional
inherits_permissions_from Optional

The roles from which this role inherits permissions

Returns

Returns a resource object of type role

Examples

import { buildClient } from "@datocms/cma-client-node";
async function run() {
const client = buildClient({ apiToken: process.env.DATOCMS_API_TOKEN });
const role = await client.roles.create({ name: "Editor" });
// Check the 'Returned output' tab for the result ☝️
console.log(role);
}
run();
{
id: "34",
name: "Editor",
can_edit_site: true,
can_edit_favicon: true,
can_edit_schema: true,
can_manage_menu: true,
can_manage_users: true,
can_manage_shared_filters: true,
can_manage_upload_collections: true,
can_manage_environments: true,
can_manage_webhooks: true,
environments_access: "primary_only",
can_manage_sso: true,
can_access_audit_log: true,
can_manage_workflows: true,
can_edit_environment: true,
can_promote_environments: true,
can_manage_build_triggers: true,
can_manage_access_tokens: true,
can_perform_site_search: true,
can_access_build_events_log: true,
positive_item_type_permissions: [{ environment: "main", action: "all" }],
negative_item_type_permissions: [{ environment: "main", action: "all" }],
positive_upload_permissions: [{ action: "all", environment: "main" }],
negative_upload_permissions: [{ action: "all", environment: "main" }],
positive_build_trigger_permissions: [{}],
negative_build_trigger_permissions: [{}],
meta: {
final_permissions: {
can_edit_site: true,
can_edit_favicon: true,
can_edit_schema: true,
can_manage_menu: true,
can_manage_users: true,
can_manage_environments: true,
can_manage_webhooks: true,
environments_access: "primary_only",
can_manage_sso: true,
can_access_audit_log: true,
can_manage_workflows: true,
can_edit_environment: true,
can_promote_environments: true,
can_manage_shared_filters: true,
can_manage_build_triggers: true,
can_manage_upload_collections: true,
can_manage_access_tokens: true,
can_perform_site_search: true,
can_access_build_events_log: true,
positive_item_type_permissions: [{ environment: "main", action: "all" }],
negative_item_type_permissions: [{ environment: "main", action: "all" }],
positive_upload_permissions: [{ action: "all", environment: "main" }],
negative_upload_permissions: [{ action: "all", environment: "main" }],
positive_build_trigger_permissions: [{}],
negative_build_trigger_permissions: [{}],
},
},
inherits_permissions_from: [{ type: "role", id: "34" }],
}