⚠️Draft Content

Storyblok Raises $80M Series C - Read News

What’s the True Total Price of Enterprise CMS? Find out here.

Skip to main content

Roles & Permissions

Roles are for giving specific permissions to various users in your space. It provides owners and admins greater control over who can publish what, especially for bigger projects. For instance, if you have several authors on your blog, you can give different access permissions to each author. This would minimize the risk of authors getting in each other’s way and provide a robust solution to organizing team coordination.

What are Roles?

Default Roles

Your Storyblok space is set up with three roles by default: Owner, Admin, and Editor.

RoleDescription
OwnerThe user who created the space; can create, update, delete roles and grant permissions. Can also create and update content.
AdminCreates and grants permissions to each custom role. Admin manages users and creates/updates content.
EditorA role that has some limitations by default. This is meant to provide convenience for the user in case they are unsure of what permissions to grant. Editors can create and update content, but cannot manage other users.

Custom Roles

Besides the default roles of Editor and Admin, you are free to create any roles that meet your team's needs. The user creates custom roles to further tailor your experience and manage your team and spaces on Storyblok. You may have designers, translators, or content creators who will not need access to the entire project but rather specific parts of it. This is where custom roles and permissions come in handy.

What are Permissions?

Permissions are rules set within a role that either grant or prevent access to certain aspects of the space.

Permission Types

It is possible to manage permissions at a granular level with Storyblok. This allows you to have more control over your workflow as your team increases in size and variety of roles. For instance, you can have an "English Author" role that only has access to content in the English language, and they will not be able to publish in any other language accidentally.

General

Besides their role as Editors, there is no pre-defined set of permissions you have to use-- you have the freedom to define the level of access for each role depending on your needs.

TypeWhat it involves
Content & EditorThis category encompasses tasks related to managing content, including reading, saving, and publishing it. Specifically, it involves functionalities such as deploying to pipelines, accessing an image or visual editor, and handling Stories by enabling actions like moving a story or altering its slug. Administrators also can grant permissions for hiding content or folders. Additionally, there are options available for managing access to both Draft and Published JSON on custom roles.
Tagsthe management of tags: creating, updating, and deleting
Datasourcesallowing the editing of datasource keys and values
eCommerce appgranting the user access to the eCommerce app
Task appgranting the user access to the Task app

Content

For these permissions, the user has access/rights to edit, view, or deploy if nothing is specified.

TypeWhat it involves
Languagesaccess to specific languages, i.e., restricting a user’s access to content in English, Spanish, French, etc.
Pipelinesrestricts access to specific pipelines that this particular role can deploy to
Folder/content itemrestricts access to specific folders/content

Blocks

Blocks permissions involve granting access to edit specific blocks. Admin is also able to hide certain blocks from specified user Roles.

Datasources

The Datasources category involves permissions to access the key-value pairs within datasources.

Assets

In the Assets category, you can control permissions for editing and uploading assets to specific folders.

Options:

  1. Select Folders:
    • Grant upload access to selected asset folders for this role.
    • When selecting a parent folder, its entire tree will be automatically included.
    • To select a subfolder, ensure that the parent folder is also selected.
  2. Hide Restricted Folders:
    • Hide assets and asset folders (including their subfolders) that the role doesn't have permission to upload to.


How to create roles

On the left-hand navigation, select {1} Settings, then select {2} Roles and click the {3} Add new role button.

An annotated screenshot of the Roles category in settings
1
2
3

Type in a {1} name for the role, and {2} select your permissions

Select {3} Save when you are finished.

Adding {4} a short description is optional.

Add {5} if you want to create a role for an SSO user.

An annotated screenshot of the Roles category in settings
1
2
3
4
5

Creating SSO user role

To create a role for a Single Sign-On (SSO), navigate to the roles tab in settings and click on the checkbox for SSO {1}

1

click the checkbox {1} to indicate this is an SSO role. Next, add the SSO user ID user {2} and click on any checkbox for the default admin {3} or editor {4} user role.

1
2

Assign users to roles in a space

To assign a new user to a role in a space, navigate to the Settings {1} tab and click on the Users {2} tab. Next, add a user to the space using their username or email address if they are in your Organization. Next, click on the Choose role {3} dropdown, select a role for the user, and click on the Send invite {4} button to invite them as new users with the assigned roles.

Adding a new user to a space
1
2
3
4

To modify an existing user's role in a space, Click on Settings {1} and click on the Users {2} tab. Next, click on the ellipses of the selected user and click on Edit {3}.

Editing a user role in a space
1
2
3

Assign the new role to the user and click Save {1}.

Assigning a user to a role
1

How to change permissions

On the left-hand navigation, select {1} Settings, then select {2} Roles and click on the {3} role you would like to edit.

An annotated screenshot of the Roles category in settings
1
2
3

Next, under {1} Permissions, select the {2} category tab from which you wish to edit permissions. {3} Select/deselect your permissions in the expandable lists.

When finished, select {4} Save.

An annotated screenshot of the Roles category in settings
1
2
3
4

Permission for read-only field access

To set a read-only permission for a field, navigate to your Blocks {1} permissions and click on the Block field permissions {2} dropdown. To make a field read-only for the selected role, click the checkbox {3} next to that field. This will prevent users with this role from editing the field's content.

1
2
3

A collaborator is a person who is an explicit member of your project. As an owner of a space, you can choose between different roles or define your own advanced rights (roles) and permissions.

Users and Collaborators

Roles overview

  • Admin
    • Space (Read*)
    • Story (Create, Read, Update, Delete)
    • Component (Create, Read, Update, Delete, Use, Save, Publish)
    • Datasource (Create, Read, Update, Delete, Use)
    • Datasource Entry (Create, Read, Update, Delete, Use)

* Is allowed to see it in the space overview - does not have access to the dashboard.

  • Editor
    • Space (Read*)
    • Story (Create, Read, Update, Delete, Save, Publish)
    • Component (Use in SideBySide Editor)
    • Datasource (Read)
    • Datasource Entry (Read, Update the value's, Export)

* Is allowed to see it in the space overview - does not have access to the dashboard.

  • Advanced Roles
    By default, with Advanced Roles, your Collaborator won't be able to do anything with your space. You can add manage rights by clicking on the permission checkboxes in your 'Settings' menu of the role.