Permission Mappings
The permission mappings configuration file assigns permissions on folders and objects in a site to specific roles. It contains the permission mappings for the roles defined in the role mappings config file. Rights are granted to a role by adding permissions inside the <allowed-permissions> tag. Absence of a permission means the permission is denied. Each rule has a regular expression that governs the scope of the permissions assigned. A list of the permissions that can be granted to roles is available after the sample configuration file.
- Permissions are defined per: site > role > rule
For example, to grant the role component_author the ability to read/write components and read-only to everything else:
```xml
<role name="component_author">
  <rule regex="/site/website/.*">
    <allowed-permissions>
      <permission>Read</permission>
    </allowed-permissions>
  </rule>
  <rule regex="/site/components/.*">
    <allowed-permissions>
      <permission>Read</permission>
      <permission>Write</permission>
      <permission>Create Content</permission>
      <permission>Create Folder</permission>
    </allowed-permissions>
  </rule>
  <rule regex="/static-assets/.*">
    <allowed-permissions>
      <permission>Read</permission>
    </allowed-permissions>
  </rule>
</role>
```
A regex of "~DASHBOARD~" governs view access to the dashboard widgets related to the publishing workflow:
- Items Waiting For Approval
- Approved Scheduled Items
- Recently Published
To grant a role the ability to view these dashboard widgets, simply grant the role the permission Publish to the scope ~DASHBOARD~. For example:
```xml
<rule regex="~DASHBOARD~">
  <allowed-permissions>
    <permission>Publish</permission>
  </allowed-permissions>
</rule>
```
To modify/view the permission mappings for your site in Studio, click on at the bottom of the Sidebar, then click on Configurations and select Permissions Mapping from the dropdown list.
Sample
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- permission-mappings-config.xml

  This file contains the permissions mappings for the roles defined in
  role-mappings-config.xml.

  Permissions are defined per:
  site > role > rule

  Rules have a regex expression that governs the scope of the permissions assigned.

  Permissions are:
  - add_remote
  - cancel_failed_pull
  - cancel_publish
  - Change Content Type
  - clone_content_cmis
  - commit_resolution
  - Create Content
  - Create Folder
  - Delete
  - delete_content
  - encryption_tool
  - get_publishing_queue
  - list_cmis
  - list_remotes
  - Publish
  - pull_from_remote
  - push_to_remote
  - Read
  - rebuild_database
  - remove_remote
  - resolve_conflict
  - S3 Read
  - S3 Write
  - search_cmis
  - site_diff_conflicted_file
  - site_status
  - upload_content_cmis
  - webdav_read
  - webdav_write
  - Write
  - write_configuration

  Absence of permissions means the permission is denied.

  For example, to grant the role component_author the ability to read/write
  components and read-only to everything else:

  <role name="author">
    <rule regex="/site/website/.*">
      <allowed-permissions>
        <permission>Read</permission>
      </allowed-permissions>
    </rule>
    <rule regex="/site/components/.*">
      <allowed-permissions>
        <permission>Read</permission>
        <permission>Write</permission>
        <permission>Create Content</permission>
        <permission>Create Folder</permission>
      </allowed-permissions>
    </rule>
    <rule regex="/static-assets/.*">
      <allowed-permissions>
        <permission>Read</permission>
      </allowed-permissions>
    </rule>
  </role>

  A regex of "~DASHBOARD~" governs view access to the publishing workflow
  related dashboard widgets:
  - Items Waiting For Approval
  - Approved Scheduled Items
  - Recently Published

  To grant a role the ability to view these dashboard widgets, simply grant
  the role the permission Publish to the scope ~DASHBOARD~. For example:

  <rule regex="~DASHBOARD~">
    <allowed-permissions>
      <permission>Publish</permission>
    </allowed-permissions>
  </rule>

-->
<permissions>
  <version>12</version>
  <role name="author">
    <rule regex="/site/website/.*">
      <allowed-permissions>
        <permission>Read</permission>
        <permission>Write</permission>
        <permission>Create Content</permission>
        <permission>Create Folder</permission>
        <permission>list_cmis</permission>
        <permission>search_cmis</permission>
        <permission>clone_content_cmis</permission>
        <permission>upload_content_cmis</permission>
      </allowed-permissions>
    </rule>
    <rule regex="/site/components|/site/components/.*">
      <allowed-permissions>
        <permission>Read</permission>
        <permission>Write</permission>
        <permission>Create Content</permission>
        <permission>Create Folder</permission>
        <permission>list_cmis</permission>
        <permission>search_cmis</permission>
        <permission>clone_content_cmis</permission>
        <permission>upload_content_cmis</permission>
      </allowed-permissions>
    </rule>
    <rule regex="/static-assets|/static-assets/.*">
      <allowed-permissions>
        <permission>Read</permission>
        <permission>Write</permission>
        <permission>Create Content</permission>
        <permission>Create Folder</permission>
        <permission>list_cmis</permission>
        <permission>search_cmis</permission>
        <permission>clone_content_cmis</permission>
        <permission>upload_content_cmis</permission>
      </allowed-permissions>
    </rule>
    <rule regex=".*">
      <allowed-permissions>
        <permission>S3 Read</permission>
        <permission>S3 Write</permission>
      </allowed-permissions>
    </rule>
  </role>
  <role name="publisher">
    <rule regex="/site/.*">
      <allowed-permissions>
        <permission>Read</permission>
        <permission>Write</permission>
        <permission>Create Content</permission>
        <permission>Create Folder</permission>
        <permission>Publish</permission>
        <permission>list_cmis</permission>
        <permission>search_cmis</permission>
        <permission>clone_content_cmis</permission>
        <permission>upload_content_cmis</permission>
      </allowed-permissions>
    </rule>
    <rule regex="^/site/(?!website/index\.xml)(.*)">
      <allowed-permissions>
        <permission>Delete</permission>
        <permission>delete_content</permission>
      </allowed-permissions>
    </rule>
    <rule regex="/(static-assets|templates|scripts)/.*">
      <allowed-permissions>
        <permission>Read</permission>
        <permission>Write</permission>
        <permission>Delete</permission>
        <permission>Create Content</permission>
        <permission>Create Folder</permission>
        <permission>Publish</permission>
        <permission>list_cmis</permission>
        <permission>search_cmis</permission>
        <permission>clone_content_cmis</permission>
        <permission>upload_content_cmis</permission>
        <permission>delete_content</permission>
      </allowed-permissions>
    </rule>
    <rule regex="~DASHBOARD~">
      <allowed-permissions>
        <permission>Publish</permission>
      </allowed-permissions>
    </rule>
    <rule regex=".*">
      <allowed-permissions>
        <permission>S3 Read</permission>
        <permission>S3 Write</permission>
      </allowed-permissions>
    </rule>
  </role>
  <role name="developer">
    <rule regex="/.*">
      <allowed-permissions>
        <permission>Read</permission>
        <permission>Write</permission>
        <permission>Publish</permission>
        <permission>Create Folder</permission>
        <permission>Create Content</permission>
        <permission>Change Content Type</permission>
        <permission>list_cmis</permission>
        <permission>search_cmis</permission>
        <permission>clone_content_cmis</permission>
        <permission>upload_content_cmis</permission>
        <permission>write_configuration</permission>
        <permission>encryption_tool</permission>
      </allowed-permissions>
    </rule>
    <rule regex="^/(?!site/website/index\.xml)(.*)">
      <allowed-permissions>
        <permission>Delete</permission>
        <permission>delete_content</permission>
        <permission>write_configuration</permission>
      </allowed-permissions>
    </rule>
    <rule regex="~DASHBOARD~">
      <allowed-permissions>
        <permission>Publish</permission>
      </allowed-permissions>
    </rule>
    <rule regex=".*">
      <allowed-permissions>
        <permission>S3 Read</permission>
        <permission>S3 Write</permission>
      </allowed-permissions>
    </rule>
  </role>
  <role name="admin">
    <rule regex="/.*">
      <allowed-permissions>
        <permission>Read</permission>
        <permission>Write</permission>
        <permission>Publish</permission>
        <permission>Create Folder</permission>
        <permission>Create Content</permission>
        <permission>Change Content Type</permission>
        <permission>list_cmis</permission>
        <permission>search_cmis</permission>
        <permission>clone_content_cmis</permission>
        <permission>upload_content_cmis</permission>
        <permission>add_remote</permission>
        <permission>list_remotes</permission>
        <permission>pull_from_remote</permission>
        <permission>push_to_remote</permission>
        <permission>rebuild_database</permission>
        <permission>remove_remote</permission>
        <permission>write_configuration</permission>
        <permission>site_status</permission>
        <permission>resolve_conflict</permission>
        <permission>site_diff_conflicted_file</permission>
        <permission>commit_resolution</permission>
        <permission>cancel_failed_pull</permission>
        <permission>encryption_tool</permission>
      </allowed-permissions>
    </rule>
    <rule regex="^/(?!site/website/index\.xml)(.*)">
      <allowed-permissions>
        <permission>Delete</permission>
      </allowed-permissions>
    </rule>
    <rule regex="~DASHBOARD~">
      <allowed-permissions>
        <permission>Publish</permission>
        <permission>add_remote</permission>
        <permission>list_remotes</permission>
        <permission>pull_from_remote</permission>
        <permission>push_to_remote</permission>
        <permission>rebuild_database</permission>
        <permission>remove_remote</permission>
        <permission>write_configuration</permission>
        <permission>site_status</permission>
        <permission>resolve_conflict</permission>
        <permission>site_diff_conflicted_file</permission>
        <permission>commit_resolution</permission>
        <permission>cancel_failed_pull</permission>
        <permission>encryption_tool</permission>
      </allowed-permissions>
    </rule>
    <rule regex=".*">
      <allowed-permissions>
        <permission>S3 Read</permission>
        <permission>S3 Write</permission>
      </allowed-permissions>
    </rule>
  </role>
  <role name="reviewer">
    <rule regex="/.*">
      <allowed-permissions>
        <permission>Read</permission>
        <permission>Publish</permission>
      </allowed-permissions>
    </rule>
    <rule regex="~DASHBOARD~">
      <allowed-permissions>
        <permission>Publish</permission>
      </allowed-permissions>
    </rule>
    <rule regex=".*">
      <allowed-permissions>
        <permission>S3 Read</permission>
      </allowed-permissions>
    </rule>
  </role>
  <role name="*">
    <rule regex="/.*">
      <allowed-permissions>
        <permission>Read</permission>
      </allowed-permissions>
    </rule>
    <rule regex=".*">
      <allowed-permissions>
        <permission>S3 Read</permission>
      </allowed-permissions>
    </rule>
  </role>
</permissions>
```
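To review what a rule set actually grants, the following Python sketch (an added example, not Crafter Studio code or part of the original page) evaluates a constructed, trimmed copy of the publisher role from the sample against individual paths and lists catch-all scopes. It assumes a rule applies when its regex matches the whole path and that grants from all matching rules are combined; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: a trimmed copy of rules from the sample file above.
SAMPLE = r"""<permissions>
  <role name="publisher">
    <rule regex="/site/.*"><allowed-permissions>
      <permission>Read</permission><permission>Write</permission>
    </allowed-permissions></rule>
    <rule regex="^/site/(?!website/index\.xml)(.*)"><allowed-permissions>
      <permission>Delete</permission>
    </allowed-permissions></rule>
    <rule regex="~DASHBOARD~"><allowed-permissions>
      <permission>Publish</permission>
    </allowed-permissions></rule>
    <rule regex=".*"><allowed-permissions>
      <permission>S3 Read</permission><permission>S3 Write</permission>
    </allowed-permissions></rule>
  </role>
</permissions>"""

def _rules(xml_text):
    """Yield (role name, rule regex, [permissions]) for every rule in the file."""
    for role in ET.fromstring(xml_text).iter("role"):
        for rule in role.iter("rule"):
            perms = [p.text.strip() for p in rule.iter("permission")]
            yield role.get("name"), rule.get("regex"), perms

def effective_permissions(xml_text, role, path):
    """Permissions `role` holds on `path`; an empty set means everything is denied."""
    granted = set()
    for name, regex, perms in _rules(xml_text):
        # Assumption: a rule applies only when its regex matches the whole path,
        # and grants from all matching rules are combined.
        if name == role and re.fullmatch(regex, path):
            granted.update(perms)
    return granted

def catch_all_grants(xml_text):
    """Audit helper: rules whose scope is every path, which deserve a second look."""
    return [r for r in _rules(xml_text) if r[1] in (".*", "/.*")]

if __name__ == "__main__":
    for p in ("/site/website/index.xml", "/site/website/about/index.xml", "~DASHBOARD~"):
        print(p, sorted(effective_permissions(SAMPLE, "publisher", p)))
    print(catch_all_grants(SAMPLE))
```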
Description
List of available permissions
| Permission | Description |
|---|---|
| add_remote | User is permitted to add a remote repository |
| cancel_failed_pull | User is permitted to cancel a failed pull from a repository |
| cancel_publish | User is permitted to cancel a publish request |
| Change Content Type | User is permitted to change content type |
| clone_content_cmis | User is permitted to clone content from a CMIS repository |
| commit_resolution | User is permitted to commit resolution |
| Create Content | User is permitted to create new content |
| Create Folder | User is permitted to create new folder |
| Delete | User is permitted to delete content |
| delete_content | User is permitted to delete content using API v2 |
| encryption_tool | User is permitted to encrypt a text value |
| get_publishing_queue | User is permitted to get the list of packages in the publishing queue |
| list_cmis | User is permitted to list files and folders in a CMIS repository with an optional range for pagination |
| list_remotes | User is permitted to list remote repositories for a site |
| Publish | User is permitted to approve submitted content for publishing or publish content |
| pull_from_remote | User is permitted to pull content from remote repository to site content repository |
| push_to_remote | User is permitted to push content to remote repository from site content repository |
| Read | User is permitted to read content |
| rebuild_database | User is permitted to rebuild Crafter Studio’s database and object state with the underlying repository |
| remove_remote | User is permitted to remove remote repository from site content repository |
| resolve_conflict | User is permitted to resolve a conflict for a file by accepting ours or theirs |
| S3 Read | User is permitted to get a list of items from an S3 bucket |
| S3 Write | User is permitted to upload a file to an S3 bucket |
| search_cmis | User is permitted to search files and folders in a CMIS repository with an optional range for pagination |
| site_diff_conflicted_file | User is permitted to get the difference between |
| site_status | User is permitted to get status of repository for a site |
| upload_content_cmis | User is permitted to upload an asset file to CMIS repository |
| webdav_read | User is permitted to get a list of items from a WebDAV server |
| webdav_write | User is permitted to upload a file to a WebDAV server |
| Write | User is permitted to edit content |
| write_configuration | User is permitted to write configuration content for site |
- /permissions/site/role@name: Role name
- /permissions/site/role/rule@regex: Regular expression to filter paths where permission is applied. The value regex="~DASHBOARD~" is a special regular expression applied for content displayed in dashboard widgets only
- /permissions/site/role/rule/allowed-permissions/permission: Allowed permission for role and rule (possible values given in the table above)