When creating roles you can pass a number of project-wide permissions, plus more granular permissions on models and build triggers.
For models you can specify the action that can be done, on which models and on records created by who.
The actions that can be performed are:
all
: everythingread
: read-onlyupdate
: update records, to be used together with read
if you want to be able to read and updatecreate
: create new recordsdelete
: delete recordspublish
: mark a record as publishededit_creator
: change the creator of a recordtake_over
: when two people are working on the same record, you can take over the control of the recordThen you should specify the models on which the actions should be performed.
Finally you have the option to specify if you can perform the allowed actions on records created by:
anyone
: meaning every recordself
: only on records created by the userrole
: only on records created by users with the same roleThe resulting object should look something like this:
{action: 'all',item_type: { type: 'item_type', id: '44' },onCreator: 'self'}
The name of the role
Can edit favicon, global SEO settings and no-index policy
Can change project name and 2FA settings
Can create/edit models and plugins
Can customize content navigation bar
Can change locales, timezone and UI theme
Can promote environments to primary and manage maintenance mode
Specifies the environments the user can access
Can create/edit roles and invite/remove collaborators
Can create/edit shared filters (both for models and the media area)
Can create/edit Build triggers
Can create/edit webhooks
Can create/delete sandbox environments and promote them to primary environment
Can manage Single Sign-On settings
Can access Audit Log
Can create/edit workflows
Can manage API tokens
Can perform Site Search API calls
Can access the build events log
Allowed actions on a model (or all) for a role
Prohibited actions on a model (or all) for a role
Allowed actions on a model (or all) for a role
Prohibited actions on a model (or all) for a role
Allowed build triggers for a role
Prohibited build triggers for a role
The final set of permissions considering also inherited roles
The roles from which this role inherits permissions
import { buildClient } from '@datocms/cma-client-node';async function run() {const client = buildClient({ apiToken: '<YOUR_API_TOKEN>' });const role = await client.roles.create({name: 'Editor',can_edit_favicon: true,can_edit_site: true,can_edit_schema: true,can_manage_menu: true,can_edit_environment: true,can_promote_environments: true,environments_access: 'primary_only',can_manage_users: true,can_manage_shared_filters: true,can_manage_build_triggers: true,can_manage_webhooks: true,can_manage_environments: true,can_manage_sso: true,can_access_audit_log: true,can_manage_workflows: true,can_manage_access_tokens: true,can_perform_site_search: true,can_access_build_events_log: true,positive_item_type_permissions: [{item_type: '44',workflow: '439239',on_stage: '',to_stage: '',environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],negative_item_type_permissions: [{item_type: '44',workflow: '439239',on_stage: '',to_stage: '',environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],positive_upload_permissions: [{environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],negative_upload_permissions: [{environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],positive_build_trigger_permissions: [{build_trigger: '1822'}],negative_build_trigger_permissions: [{build_trigger: '1822'}],meta: {final_permissions: {can_edit_favicon: true,can_edit_site: true,can_edit_schema: true,can_manage_menu: true,can_edit_environment: true,can_promote_environments: true,environments_access: 'primary_only',can_manage_users: true,can_manage_shared_filters: true,can_manage_build_triggers: true,can_manage_webhooks: true,can_manage_environments: true,can_manage_sso: true,can_access_audit_log: true,can_manage_workflows: true,can_manage_access_tokens: true,can_perform_site_search: true,can_access_build_events_log: true,positive_item_type_permissions: [{item_type: '44',workflow: '439239',on_stage: '',to_stage: '',environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],negative_item_type_permissions: [{item_type: '44',workflow: '439239',on_stage: '',to_stage: '',environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],positive_upload_permissions: [{environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],negative_upload_permissions: [{environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],positive_build_trigger_permissions: [{build_trigger: '1822'}],negative_build_trigger_permissions: [{build_trigger: '1822'}]}},inherits_permissions_from: [{type: 'role',id: '34'}]});console.log(role);}run();
{id: '34',name: 'Editor',can_edit_favicon: true,can_edit_site: true,can_edit_schema: true,can_manage_menu: true,can_edit_environment: true,can_promote_environments: true,environments_access: 'primary_only',can_manage_users: true,can_manage_shared_filters: true,can_manage_build_triggers: true,can_manage_webhooks: true,can_manage_environments: true,can_manage_sso: true,can_access_audit_log: true,can_manage_workflows: true,can_manage_access_tokens: true,can_perform_site_search: true,can_access_build_events_log: true,positive_item_type_permissions: [{item_type: '44',workflow: '439239',on_stage: '',to_stage: '',environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],negative_item_type_permissions: [{item_type: '44',workflow: '439239',on_stage: '',to_stage: '',environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],positive_upload_permissions: [{environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],negative_upload_permissions: [{environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],positive_build_trigger_permissions: [{build_trigger: '1822'}],negative_build_trigger_permissions: [{build_trigger: '1822'}],meta: {final_permissions: {can_edit_favicon: true,can_edit_site: true,can_edit_schema: true,can_manage_menu: true,can_edit_environment: true,can_promote_environments: true,environments_access: 'primary_only',can_manage_users: true,can_manage_shared_filters: true,can_manage_build_triggers: true,can_manage_webhooks: true,can_manage_environments: true,can_manage_sso: true,can_access_audit_log: true,can_manage_workflows: true,can_manage_access_tokens: true,can_perform_site_search: true,can_access_build_events_log: true,positive_item_type_permissions: [{item_type: '44',workflow: '439239',on_stage: '',to_stage: '',environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],negative_item_type_permissions: [{item_type: '44',workflow: '439239',on_stage: '',to_stage: '',environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],positive_upload_permissions: [{environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],negative_upload_permissions: [{environment: 'main',action: 'all',on_creator: 'self',localization_scope: 'all',locale: 'en'}],positive_build_trigger_permissions: [{build_trigger: '1822'}],negative_build_trigger_permissions: [{build_trigger: '1822'}]}},inherits_permissions_from: [{type: 'role',id: '34'}]}