• Document Up to Date
  • Updated On 4.0.3

Global Permission Mappings Config

The global permission mappings configuration file lets you configure the permissions to a role globally for the entire application

Permissions per project are managed within Crafter Studio’s UI. See Permission Mappings for more information on project permissions.

Here’s the default global permissions configuration. It contains the permissions mappings for the roles defined in the global role mappings configuration file. To access the file, using your favorite editor, navigate to CRAFTER_HOME/data/repos/global/configuration/ then open the file global-permission-mappings-config.xml. Remember to restart CrafterCMS so your changes to the file will take effect.

CRAFTER_HOME/data/repos/global/configuration/global-permission-mappings-config.xml
 1<!--
 2  This file contains global permissions configuration for Crafter Studio. Permissions per project are managed
 3  within Crafter Studio's UI.
 4
 5  The structure of this file is:
 6  <permissions>
 7    <site id="###GLOBAL###"> (global management)
 8      <role name="">
 9        <rule regex="/.*">
10          <allowed-permissions>
11            <permission>Read</permission>
12            <permission>Write</permission>
13            <permission>Delete</permission>
14            <permission>Create Folder</permission>
15            <permission>Publish</permission>
16          </allowed-permissions>
17        </rule>
18      </role>
19    </site>
20  </permissions>
21
22  This binds a set of permissions to a role globally for the entire application.
23-->
24<permissions>
25  <role name="system_admin">
26    <rule regex="/.*">
27      <allowed-permissions>
28        <permission>content_read</permission>
29        <permission>content_write</permission>
30        <permission>folder_create</permission>
31        <permission>publish</permission>
32        <permission>create-site</permission>
33        <permission>read_groups</permission>
34        <permission>create_groups</permission>
35        <permission>update_groups</permission>
36        <permission>delete_groups</permission>
37        <permission>read_users</permission>
38        <permission>create_users</permission>
39        <permission>update_users</permission>
40        <permission>delete_users</permission>
41        <permission>read_cluster</permission>
42        <permission>create_cluster</permission>
43        <permission>update_cluster</permission>
44        <permission>delete_cluster</permission>
45        <permission>audit_log</permission>
46        <permission>read_logs</permission>
47        <permission>add_remote</permission>
48        <permission>list_remotes</permission>
49        <permission>pull_from_remote</permission>
50        <permission>push_to_remote</permission>
51        <permission>rebuild_database</permission>
52        <permission>remove_remote</permission>
53        <permission>S3 Read</permission>
54        <permission>S3 Write</permission>
55        <permission>content_delete</permission>
56        <permission>webdav_read</permission>
57        <permission>webdav_write</permission>
58        <permission>write_configuration</permission>
59        <permission>write_global_configuration</permission>
60        <permission>encryption_tool</permission>
61        <permission>get_children</permission>
62        <permission>edit_site</permission>
63        <permission>manage_access_token</permission>
64        <permission>list_plugins</permission>
65        <permission>install_plugins</permission>
66        <permission>remove_plugins</permission>
67        <permission>site_delete</permission>
68        <permission>unlock_repository</permission>
69        <permission>item_unlock</permission>
70        <permission>publish_status</permission>
71      </allowed-permissions>
72    </rule>
73  </role>
74</permissions>

Description

List of available permissions

Permission

Description

add_remote

User is permitted to add a remote repository

audit_log

User is permitted to access the Audit from the Main Menu for viewing all the audit logs

cancel_failed_pull

User is permitted to cancel a failed pull from a repository

cancel_publish

User is permitted to cancel a publish request

Change Content Type

User is permitted to change content type

commit_resolution

User is permitted to commit resolution

content_create

User is permitted to create new content

content_delete

User is permitted to delete content

content_read

User is permitted to read content

content_write

User is permitted to user is permitted to edit content

folder_create

User is permitted to create new folder

create_cluster

User is permitted to access the Cluster from the Main Menu for managing clusters

create_groups

User is permitted to access the Groups from the Main Menu for managing groups

create_users

User is permitted to access the Users from the Main Menu for managing users

create-site

User is permitted to access the Projects from the Main Menu for managing projects

delete_cluster

User is permitted to delete a member of the cluster

delete_groups

User is permitted to delete a group

delete_users

User is permitted to delete a user

edit_site

User is permitted to edit project

encryption_tool

User is permitted to access the Encryption Tool from the Main Menu to encrypt a text value

get_children

User is permitted to call getChildren* APIs for browsing project content

get_publishing_queue

User is permitted to get the list of packages in the publishing queue

install_plugins

User is permitted to install plugins

item_unlock

User is permitted to unlock items

list_remotes

User is permitted to list remote repositories for a project

list_plugins

User is permitted to list plugins installed for a project

manage_access_token

User is permitted access to manage (create,remove, etc.) access tokens

publish

User is permitted to approve submitted content for publishing or publish content

publish_status

User is permitted to see publishing status for project

pull_from_remote

User is permitted to pull content from remote repository to project content repository

push_to_remote

User is permitted to push content to remote repository from project content repository

read_cluster

User is permitted to read all the members of the cluster

read_groups

User is permitted to get all groups

read_logs

User is permitted to access the Logging Levels and Log Console tools from the Main Menu

read_users

User is permitted to get all users

rebuild_database

User is permitted to rebuild Crafter Studio’s database and object state with the underlying repository

remove_plugins

User is permitted to remove installed plugins

remove_remote

User is permitted to remove remote repository from project content repository

resolve_conflict

User is permitted to resolve a conflict for a file by accepting ours or theirs

S3 Read

User is permitted to get a list of items from an S3 bucket

S3 Write

User is permitted to upload a file to an S3 bucket

site_delete

User is permitted to delete a project

site_diff_conflicted_file

User is permitted to get the difference between ours and theirs for a conflicted file for a project

site_status

User is permitted to get status of repository for a project

unlock_repository

User is permitted to unlock repository

update_cluster

User is permitted to update the cluster

update_groups

User is permitted to update groups

update_users

User is permitted to update user

webdav_read

User is permitted to get a list of items from a WebDAV server

webdav_write

User is permitted to upload a file to a WebDAV server

write_configuration

User is permitted to write configuration content for project

write_global_configuration

User is permitted access to the Global Config tool from the Main Menu