• Document Up to Date
  • Updated On 4.0.0

Global Permission Mappings Config

The global permission mappings configuration file lets you configure the permissions to a role globally for the entire application

Permissions per project are managed within Crafter Studio’s UI. See Permission Mappings for more information on project permissions.

Here’s the default global permissions configuration. It contains the permissions mappings for the roles defined in the global role mappings configuration file. To access the file, using your favorite editor, navigate to CRAFTER_HOME/data/repos/global/configuration/ then open the file global-permission-mappings-config.xml. Remember to restart CrafterCMS so your changes to the file will take effect.

CRAFTER_HOME/data/repos/global/configuration/global-permission-mappings-config.xml
 1<!--
 2  This file contains global permissions configuration for Crafter Studio. Permissions per project are managed
 3  within Crafter Studio's UI.
 4
 5  The structure of this file is:
 6  <permissions>
 7    <site id="###GLOBAL###"> (global management)
 8      <role name="">
 9        <rule regex="/.*">
10          <allowed-permissions>
11            <permission>Read</permission>
12            <permission>Write</permission>
13            <permission>Delete</permission>
14            <permission>Create Folder</permission>
15            <permission>Publish</permission>
16          </allowed-permissions>
17        </rule>
18      </role>
19    </site>
20  </permissions>
21
22  This binds a set of permissions to a role globally for the entire application.
23-->
24<permissions>
25  <role name="system_admin">
26    <rule regex="/.*">
27      <allowed-permissions>
28        <permission>content_read</permission>
29        <permission>content_write</permission>
30        <permission>folder_create</permission>
31        <permission>publish</permission>
32        <permission>create-site</permission>
33        <permission>read_groups</permission>
34        <permission>create_groups</permission>
35        <permission>update_groups</permission>
36        <permission>delete_groups</permission>
37        <permission>read_users</permission>
38        <permission>create_users</permission>
39        <permission>update_users</permission>
40        <permission>delete_users</permission>
41        <permission>read_cluster</permission>
42        <permission>create_cluster</permission>
43        <permission>update_cluster</permission>
44        <permission>delete_cluster</permission>
45        <permission>audit_log</permission>
46        <permission>read_logs</permission>
47        <permission>list_cmis</permission>
48        <permission>search_cmis</permission>
49        <permission>clone_content_cmis</permission>
50        <permission>upload_content_cmis</permission>
51        <permission>add_remote</permission>
52        <permission>list_remotes</permission>
53        <permission>pull_from_remote</permission>
54        <permission>push_to_remote</permission>
55        <permission>rebuild_database</permission>
56        <permission>remove_remote</permission>
57        <permission>S3 Read</permission>
58        <permission>S3 Write</permission>
59        <permission>content_delete</permission>
60        <permission>webdav_read</permission>
61        <permission>webdav_write</permission>
62        <permission>write_configuration</permission>
63        <permission>write_global_configuration</permission>
64        <permission>encryption_tool</permission>
65        <permission>get_children</permission>
66        <permission>edit_site</permission>
67        <permission>manage_access_token</permission>
68        <permission>list_plugins</permission>
69        <permission>install_plugins</permission>
70        <permission>remove_plugins</permission>
71        <permission>site_delete</permission>
72        <permission>unlock_repository</permission>
73        <permission>item_unlock</permission>
74        <permission>publish_status</permission>
75      </allowed-permissions>
76    </rule>
77  </role>
78</permissions>

Description

List of available permissions

Permission Description
add_remote User is permitted to add a remote repository
audit_log User is permitted to access the Audit from the Main Menu for viewing all the audit logs
cancel_failed_pull User is permitted to cancel a failed pull from a repository
cancel_publish User is permitted to cancel a publish request
Change Content Type User is permitted to change content type
clone_content_cmis User is permitted to clone content from a CMIS repository
commit_resolution User is permitted to commit resolution
content_create User is permitted to create new content
content_delete User is permitted to delete content
content_read User is permitted to read content
content_write User is permitted to user is permitted to edit content
folder_create User is permitted to create new folder
create_cluster User is permitted to access the Cluster from the Main Menu for managing clusters
create_groups User is permitted to access the Groups from the Main Menu for managing groups
create_users User is permitted to access the Users from the Main Menu for managing users
create-site User is permitted to access the Projects from the Main Menu for managing projects
delete_cluster User is permitted to delete a member of the cluster
delete_groups User is permitted to delete a group
delete_users User is permitted to delete a user
edit_site User is permitted to edit project
encryption_tool User is permitted to access the Encryption Tool from the Main Menu to encrypt a text value
get_children User is permitted to call getChildren* APIs for browsing project content
get_publishing_queue User is permitted to get the list of packages in the publishing queue
install_plugins User is permitted to install plugins
item_unlock User is permitted to unlock items
list_cmis User is permitted to list files and folders in a CMIS repository with an optional range for pagination
list_remotes User is permitted to list remote repositories for a project
list_plugins User is permitted to list plugins installed for a project
manage_access_token User is permitted access to manage (create,remove, etc.) access tokens
publish User is permitted to approve submitted content for publishing or publish content
publish_status User is permitted to see publishing status for project
pull_from_remote User is permitted to pull content from remote repository to project content repository
push_to_remote User is permitted to push content to remote repository from project content repository
read_cluster User is permitted to read all the members of the cluster
read_groups User is permitted to get all groups
read_logs User is permitted to access the Logging Levels and Log Console tools from the Main Menu
read_users User is permitted to get all users
rebuild_database User is permitted to rebuild Crafter Studio’s database and object state with the underlying repository
remove_plugins User is permitted to remove installed plugins
remove_remote User is permitted to remove remote repository from project content repository
resolve_conflict User is permitted to resolve a conflict for a file by accepting ours or theirs
S3 Read User is permitted to get a list of items from an S3 bucket
S3 Write User is permitted to upload a file to an S3 bucket
search_cmis User is permitted to search files and folders in a CMIS repository with an optional range for pagination
site_delete User is permitted to delete a project
site_diff_conflicted_file User is permitted to get the difference between ours and theirs for a conflicted file for a project
site_status User is permitted to get status of repository for a project
unlock_repository User is permitted to unlock repository
update_cluster User is permitted to update the cluster
update_groups User is permitted to update groups
update_users User is permitted to update user
upload_content_cmis User is permitted to upload an asset file to CMIS repository
webdav_read User is permitted to get a list of items from a WebDAV server
webdav_write User is permitted to upload a file to a WebDAV server
write_configuration User is permitted to write configuration content for project
write_global_configuration User is permitted access to the Global Config tool from the Main Menu