Roles and Permissions for Compose
Compose permissions are defined by Contentful standard content and media permission rules. To learn general principles on how roles and permissions work in Contentful, please refer to Space roles and permissions.
This guide focuses mainly on Compose-specific use cases and provides best practices on setting up roles for Compose users.
To learn how to automate your role provisioning, please read the guide on how to manage user roles and permissions via the Content Management API.
Compose roles - use cases
Below are the recommendations on setting up some specific role types for Compose users.
Granting access to a specific page type
Granting users an access to a specific page type in Compose can be achieved by creating a role that enables the user to access only page entries of a specific page type and all entries that are linked to the page.
To achieve this, under the Content tab of the role editor page create a new allow rule, select the required action option and select the page type that the user will be allowed to access.
For the user to have access to a specific page type in Compose, the allow rules for the following content types must be created:
- The page type
- The content types of all entries referenced by the page type.
The screenshot below shows an example role for an Editor that can manage all page entries of the “Article” page type.
Granting access to a specific page
Granting a user access to a specific page in Compose can be achieved by creating a role that enables the user to access only that specific page and all entries that are linked to the page. There are the following ways of achieving this outcome:
- Limiting access based on the specific entry IDs - You can limit the user to be able to manage a specific page in Compose by providing this user with access to this specific page, the entries that the page contains and the entries that are linked by it. To achieve this, under the Content tab of the role editor page create a new allow rule, select the required action option and A specific entry as an allowed entry type. Then, in the Add existing entry window, select the entry that the user will be allowed to access. Repeat these steps to create allow rules for other entries that are linked to the page.
The screenshot below shows an example role for an Editor that can edit and publish the homepage and all of its existing linked entries (but can not create new linked entries).
- Limiting access based on tags. Compose itself does not support adding tags, however the web app can be used to add a tag to all entries the user should be able to access. This option is more flexible than option 1 and supports granting access to multiple pages with less overhead. To learn how to create and add tags, please refer to Creating tags. For explanations on how to use tags to restrict access please read Content permissions with tags.
Publishing with limited access
A user can be enabled to publish pages, even if this user does not have access to publishing all entries and assets that this page contains. To be able to publish a page, the user has to have at least access to publish the page type of the current page. If the user does not have access to publish other entries, these entries will be indicated when publishing the page. The user can then decide if to proceed with publishing.
Required read access
To ensure optimal experience in Compose for the users, it is required to grant all user roles a read access to entries of at least the following content types:
- Page types: If a user doesn't have access to read a page type, the user won't be able to view pages of this page type in Compose.
- A user should have access to all entries that are contained in the pages. If a user doesn't have access to read an entry, the entry won't be displayed or won't be accessible.
Required access to create pages
To enable a user to create a page, it is required to add create permissions to the user's role for at least the following content types:
- Page types: A user should be granted access to create at least one specific page type to be able to create new pages.
- Linked content types: All content types (and other nested content types) that can be linked from a page.
Below are described the key limitations you might encounter when trying to solve certain governance aspects.
Limiting user access to Compose
It is not possible to restrict user access to Compose only. User permissions are granted for the API, the web app and any other Contentful app.