Manage access to environments

Under Access to environments, you can choose one of the following options:

• Manage and use all environments - Grants full access to all environments within the space. The user can manage all content and tags, depending on the role’s assigned permissions.

• Select environments or aliases to give access - Allows you to select specific environments and configure granular permissions for each. For example, you can give read-only access in Production and full edit rights in Development.

• Master environment only (default) - Allows you to set your role to access only the master environment. The role won't be able to access non-master environments.

• Selected environments - Allows you to select one or multiple specific environments your role will be able to access.

• Manage and use all environments - Allows you to set a role to access all environments in a space.

NOTE: With the “Manage and use all environments” permission, the role’s access to master environment content is defined by its content and media permissions. In sandbox environments, this role has full access to all content.

NOTE: A space Administrator role has full access to all environments (including the master environment) and their content.

To configure a role's access to environments:

1. Go to the Environments tab in the Role editor page.

2. Under the Access to environments area, select the required environments' access level. If you selected the Selected environments option, please continue to step 3 in How to configure access to a selected environment.

3. Optional: Under the Manage entities in master/ Manage entities in selected environments area, select the slider(s) to enable the user to create, edit and delete content types and/ or tags.

4. Optional (only for Manage and use all environments option): Under the Manage environments area, select the slider to enable the user to create environment aliases and change their target environment.

5. Click Save changes to save the role.

To configure a role's access to a selected environment:

1. Go to the Environments tab in the Role editor page.

2. Under the Access to environments area, select the Selected environments option.

3. Under the Allowed environments area, select the environment you would like your role to be able to access. The environment is added to the Allowed environments list.

4. Optional: Repeat step 3 to add another environment to the Allowed environments list.

5. Optional: To remove an environment from the Allowed environments list, click on X button against this environment.

6. Finish setting environments permissions starting from step 3 in How to configure access to environments.

When multiple roles are assigned to a single user, the environment access options and related content policies for those roles will be merged. Different environment access options defined in these roles override or combine each other according to the following principles:

• “Manage and use all environments” option overrides the “Selected environments” option. 
  

  NOTE: The “Manage and use all environments” option is equivalent to setting the Environment permission to “all”. You can read more about this override here. If it is set in any of the roles assigned to a user, this user can access all environments, and any content- or media-related Allow or Deny rule only applies to the master environment. Other environments are fully accessible without restrictions.

• “Selected environments” option overrides the “Master environment only” option.

  NOTE: The “Selected environments” option needs to explicitly define all environments that a user is allowed to access. A user doesn’t have access to the master environment unless the master environment is added as one of “Allowed environments”.

• “Selected environments” options combine to cover all “Allowed environments” across roles.
  

  NOTE: All content- or media-related Allow and Deny rules defined in either of the roles are combined and apply to all environments selected for access in either of the rules. This means that the user has the same content and media restrictions in all selected environments, no matter in which of the roles those rules were defined.

The table and comments below explain how an example combination of roles with different environment permissions assigned to the same user affects the user’s access to environments.

You can configure a role’s access to specific environments under the Environments tab in the Role editor. With granular environment permissions enabled for your organization, you can define different access levels per environment, giving administrators more precise control.

This feature allows you to:

• Grant read-only or read/write permissions to content types and tags per environment.

• Protect production environments while allowing more flexible access in staging or development.

• Prevent accidental edits to live content by limiting create/edit/delete actions.

When granular environment permissions are activated, the Access to environments section displays detailed permission options for each environment, as shown below:

(Admins can adjust these per environment as needed.)

NOTE: To learn more about how content and media permissions combine when multiple roles are assigned to a single user, please refer to Assigning multiple roles to a user.