Space roles are sets of predefined permissions that can be assigned to users within a space. Typically they are used to restrict or allow access to certain content areas. Keep in mind that roles make sense only within spaces, not throughout the entire platform.
A user can have different roles in different spaces. In most plans, Contentful comes with three predefined roles: editor, developer, and administrator.
Our enterprise plans allow you to customize the roles in each of your spaces.
No, each user can only have one role per space. However, a user can have a different role in each space, and each role can be assigned to multiple users.
Under your Space Settings, select 'Roles'. Here you will see a list of the existing roles and how many members are assigned to each role. Click 'Create new role' on the right sidebar, define the role's permissions and exceptions, then hit 'Save changes'.
To assign a user to a role, you can either navigate to the 'Users' page (under your Space Settings) or simply click on the number of members to the right of the role name. For existing Space members, click on the '…' and select 'Change role'. Otherwise click the 'Invite new users to this space' button in the sidebar and select the role from the dropdown menu.
You can also create and define custom roles via our Content Management API.
Custom roles allow you to create arbitrary rule sets & restrictions for groups of users in your space. Some examples of custom roles are:
Our enterprise plans allow you to define custom space roles with entirely customized sets of permissions. These permissions are defined as a list of things a user is allowed to do, and a list of "exceptions": things a user will not be allowed to do. Each one of these permissions or exceptions applies to either entries or assets, and is made up of 3 parts:
When the action part of a rule is "Edit", there are 2 additional parameters that let you create fine-grained rules:
There are 6 actions that can be restricted:
Read: can users view these content items at all?
Items which a user does not have permission to read will be hidden in the entry list. When an entry the user can read contains a link to an item the user cannot read, they will be shown a warning the item either doesn't exist or can't be shown to them.
Edit: can users change this content?
A user who cannot change content may still be able to see it, but in a read-only state. Editing can be restricted not only to content types, but also to individual fields or languages.
Create: can users create new content?
This rule can be restricted to a particular content type, for example to allow users to create new "Post" entries but not new "Category" entries.
Publish/Unpublish: can users publish or unpublish content?
When a user cannot publish content, the green 'publish' button will be grayed and unclickable. The entry will remain as a draft until a user with permission to publish comes along.
Archive/Unarchive: can users archive or unarchive this content?
Delete: can users remove this content?
Note that Contentful requires content to be unpublished before deletion. This means a role that can delete content but not unpublish will only be able to remove drafts.
Currently it's not possible to define permissions on an individual entry or asset.