Updated On 4.1.2

Studio Configuration

Crafter Studio is primarily configured via a single configuration file, studio-config.yaml, and 2 override files that can be used to override the settings in the core configuration file.

The core configuration file for Crafter Studio studio-config.yaml is located under CRAFTER_HOME/bin/apache-tomcat/webapps/studio/WEB-INF/classes/crafter/studio and contains pre-configured settings.

Warning

Do not change the studio-config.yaml file directly, simply override the settings you want to change in one of the override files.

The override files are:

Studio Configuration Override file studio-config-override.yaml located under CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension can be accessed by opening the file using your favorite editor
Global Studio Configuration Override file studio-config-override.yaml located under CRAFTER_HOME/data/repos/global/configuration can be accessed from Studio from the Navigation Menu under Global Config

The configuration loading order is as follows:

studio-config.yaml from the WAR file is loaded first
studio-config-override.yaml from the shared folder is loaded next (if it exists)
studio-config-override.yaml from the global configuration folder is loaded last (if it exists)

If the same property is present in more than one file, the value from the last configuration file will be used.

You’ll note that the first override file from the CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension folder resides on the local file system. This makes it easy for system admins, but it will not replicate across a cluster. The second override file from the CRAFTER_HOME/data/repos/global/configuration folder is a repository item and will replicate across a cluster. Furthermore, the second override file can be managed from Studio without need to the operating system’s file system. See Navigation Menu Global Config for more information on how to access the global configuration file from Studio.

Note

Changing the configuration files requires a restart of Crafter Studio for the changes to take effect.

Note

Environment variables can be used to override any property defined as ${env:ENVIRONMENT_VARIABLE} in the configuration files.This allows you to inject these properties into a vanilla installation without having to modify any actual files, which is especially useful when using Docker or Kubernetes.

Studio Configuration Properties 

In this section we will highlight some of the more commonly used properties in the configuration of Crafter Studio. For a complete list of all the properties, see the studio-config.yaml file.

Configuration Properties
Property	Purpose
SMTP Configuration (Email)	Configure the SMTP server to be used by Crafter Studio when sending emails
CORS	Configure CORS
Editable Mime Types	Configure the MIME-types that are editable directly in Crafter Studio
Project/Site Configuration	Configure your project/site configuration
Preview Deployer Configuration	Configure your deployer URLs
Preview Search Configuration	Configure your search URLs
Search	Configure Studio search
Cache Settings	Configure the cache control settings for templates and assets
Forwarded Headers	Configure forwarded headers
Policy Headers	Configure policy headers
crafterSite Cookie Domain	Configure the `crafterSite` cookie domain
Serverless Delivery Targets	Configure serverless delivery
Validations Regex	Configure the regex used for validating various inputs
Commit Message	Configure the commit messages used by Crafter Studio
Publishing Blacklist	Configure the publishing blacklist
Studio Timeouts	Configure Studio timeouts

SMTP Configuration (Email)

This section allows the user to setup a mail client by configuring the SMTP server to be used for sending emails from Crafter Studio, such as when authors request to publish content, or when a request to publish has been approved.

CRAFTER_HOME/data/repos/global/configuration/studio-config-override.yaml

##################################################
##        SMTP Configuration (Email)            ##
##################################################
# Default value for from header when sending emails.
# studio.mail.from.default: admin@example.com
# SMTP server name to send emails.
# studio.mail.host: ${env:MAIL_HOST}
# SMTP port number to send emails.
# studio.mail.port: ${env:MAIL_PORT}
# SMTP username for authenticated access when sending emails.
# studio.mail.username:
# SMTP password for authenticated access when sending emails.
# studio.mail.password:
# Turn on/off (value true/false) SMTP authenaticated access protocol.
# studio.mail.smtp.auth: false
# Enable/disable (value true/false) SMTP TLS protocol when sending emails.
# studio.mail.smtp.starttls.enable: false
# Enable/disable (value true/false) SMTP EHLO protocol when sending emails.
# studio.mail.smtp.ehlo: true
# Enable/disable (value true/false) debug mode for email service. Enabling debug mode allows tracking/debugging communication between email service and SMTP server.
# studio.mail.debug: false

CORS 

The following section of Studio’s configuration overrides allows you to setup CORS

CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

################################################################
##                             CORS                           ##
################################################################
# This is configured as permissive by default for ease of deployment
# Remember to tighten this up for production

# Disable CORS headers completely
# studio.cors.disable: false
# Value for the Access-Control-Allow-Origin header
# studio.cors.origins: '*'
# Value for the Access-Control-Allow-Headers header
# studio.cors.headers: '*'
# Value for the Access-Control-Allow-Methods header
# studio.cors.methods: '*'
# Value for the Access-Control-Allow-Credentials header
# studio.cors.credentials: true
# Value for the Access-Control-Max-Age header
# studio.cors.maxage: -1

The CORS origins accepts regex patterns. Values are split using ,. Remember that commas inside patterns need to be escaped with a \ like: studio.cors.origins: 'http://localhost:[8000\,3000],http://*.other.domain'

Editable Mime Types 

Here’s the default list of MIME-types editable in Studio:

# Item MIME-types that are editable directly in Crafter Studio
studio.content.item.editableTypes:
- text/plain
- text/html
- text/css
- text/x-freemarker
- application/javascript
- application/json
- application/xml
- application/xhtml+xml

These can be updated as needed by overriding the property in one of the override files.

Project/Site Configuration 

The following section of Studio’s configuration overrides allows you to setup your project configuration.

CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

############################################################
##                   Site Configuration                   ##
############################################################
# Destroy site context url for preview engine
studio.configuration.site.preview.destroy.context.url: ${env:ENGINE_URL}/api/1/site/context/destroy.json?crafterSite={siteName}&token=${studio.configuration.management.previewAuthorizationToken}
# Default preview URL
studio.configuration.site.defaultPreviewUrl: ^https?://localhost:8080/?
# Default authoring URL
studio.configuration.site.defaultAuthoringUrl: ^https?://localhost:8080/studio/?
# Default GraphQL server URL
studio.configuration.site.defaultGraphqlServerUrl: ^https?://localhost:8080/?
# Studio management authorization token.
studio.configuration.management.authorizationToken: ${env:STUDIO_MANAGEMENT_TOKEN}
# Preview engine management authorization token.
studio.configuration.management.previewAuthorizationToken: ${env:ENGINE_MANAGEMENT_TOKEN}
# Protected URLs with preview engine management authorization token.
# Coma separated list of preview engine urls
studio.configuration.management.previewProtectedUrls: >-
  /api/1/monitoring/log.json,
  /api/1/monitoring/memory.json,
  /api/1/monitoring/status.json,
  /api/1/monitoring/version.json,
  /api/1/site/context/id,
  /api/1/site/context/destroy,
  /api/1/site/context/rebuild,
  /api/1/site/context/graphql/rebuild,
  /api/1/site/cache/clear,
  /api/1/site/cache/statistics

Preview Deployer Configuration 

The following section of Studio’s configuration overrides allows you to setup your deployer URLs

CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

############################################################
##                    Preview Deployer                    ##
############################################################

# Default preview deployer URL (can be overridden per site)
studio.preview.defaultPreviewDeployerUrl: ${env:DEPLOYER_URL}/api/1/target/deploy/{siteEnv}/{siteName}
# Default preview create target URL (can be overridden per site)
studio.preview.createTargetUrl: ${env:DEPLOYER_URL}/api/1/target/create_if_not_exists
# Default preview create target URL (can be overridden per site)
studio.preview.deleteTargetUrl: ${env:DEPLOYER_URL}/api/1/target/delete-if-exists/{siteEnv}/{siteName}
# URL to the preview repository (aka Sandbox) where authors save work-in-progress
studio.preview.repoUrl: ${env:CRAFTER_DATA_DIR}/repos/sites/{siteName}/sandbox

Preview Search Configuration 

The following section of Studio’s configuration overrides allows you to setup urls for search in preview

CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

############################################################
##                   Preview Search                       ##
############################################################

studio.preview.search.createUrl: ${env:SEARCH_URL}/api/2/admin/index/create
studio.preview.search.deleteUrl: ${env:SEARCH_URL}/api/2/admin/index/delete/{siteName}

Search 

The following section of Studio’s configuration overrides allows you to setup the url for search

CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

################################################################
##                           Search                           ##
################################################################
# URLs to connect to Search
studio.search.urls: ${env:SEARCH_URL}
# The username for Search
studio.search.username: ${env:SEARCH_USERNAME}
# The password for Search
studio.search.password: ${env:SEARCH_PASSWORD}
# The connection timeout in milliseconds, if set to -1 the default will be used
studio.search.timeout.connect: -1
# The socket timeout in milliseconds, if set to -1 the default will be used
studio.search.timeout.socket: -1
# The number of threads to use, if set to -1 the default will be used
studio.search.threads: -1
# Indicates if keep alive should be enabled for sockets used by the search client, defaults to false
studio.search.keepAlive: false

Cache Settings 

Here’s the cache control settings for templates and assets:

# If Studio should cache its FreeMarker templates
studio.cache.templates: true
# Indicates if the browser should cache responses for static-assets
studio.cache.assets.enabled: true
# The max age in seconds that the browser should cache responses for requests matching `studio.cache.assets.maxAge.includeUrls`
studio.cache.assets.maxAge: 3600
# The urls that should include max-age=<studio.cache.assets.maxAge> in Cache-Control header. Other urls will be set to default max-age=0, must-revalidate
studio.cache.assets.maxAge.includeUrls: /static-assets/**,/1/plugin/file/**

Forwarded Headers 

The following section of Studio’s configuration overrides allows you to configure forwarded headers to resolve the actual hostname and protocol when it is behind a load balancer or reverse proxy. This is especially useful when setting up Studio behind a load balancer in AWS.

CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

##################################################
##             Forwarded Headers                ##
##################################################
# Indicates if Forwarded or X-Forwarded headers should be used when resolving the client-originated protocol and
# address. Enable when Studio is behind a reverse proxy or load balancer that sends these
studio.forwarded.headers.enabled: false

Policy Headers 

Content Security Policy

Since 4.1.2

The following allows you to configure which resources can be loaded (e.g. JavaScript, CSS, Images, etc.) and the URLs that they can be loaded from.

CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

# Value for the Content-Security-Policy header
studio.security.headers.contentSecurityPolicy.value: default-src 'unsafe-inline'
# Set to true to enable the Content-Security-Policy-Report-Only header (this will report in the user agent console instead of actually blocking the requests)
studio.security.headers.contentSecurityPolicy.reportOnly: true

To block offending requests, set studio.security.headers.contentSecurityPolicy.reportOnly to false. This property is set to true by default

X-Permitted-Cross-Domain-Policies

The following allows you to configure what other domains you want to allow access to your domain. The X-PERMITTED-CROSS-DOMAIN-POLICIES header is set to none (do not allow any embedding) by default.

CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

# Value for the X-PERMITTED-CROSS-DOMAIN-POLICIES header
studio.security.headers.permittedCrossDomainPolicies.value: none

Serverless Delivery Targets 

The following section of Studio’s configuration overrides allows you to setup serverless delivery

CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

##########################################################
##                 Serverless Delivery                  ##
##########################################################
# Indicates if serverless delivery is enabled
# studio.serverless.delivery.enabled: false
# The URL for the serverless delivery deployer create URL
# studio.serverless.delivery.deployer.target.createUrl: ${studio.preview.createTargetUrl}
# The URL for the serverless delivery deployer delete URL
# studio.serverless.delivery.deployer.target.deleteUrl: ${studio.preview.deleteTargetUrl}
# The template name for serverless deployer targets
# studio.serverless.delivery.deployer.target.template: aws-cloudformed-s3
# Replace existing target configuration if one exists?
# studio.serverless.delivery.deployer.target.replace: false
# The URL the deployer will use to clone/pull the site's published repo. When the deployer is in a separate node
# (because of clustering), this URL should be an SSH/HTTP URL to the load balancer in front of the Studios
# studio.serverless.delivery.deployer.target.remoteRepoUrl: ${env:CRAFTER_DATA_DIR}/repos/sites/{siteName}/published
# The deployer's local path where it will store the clone of the published site. This property is not needed if
# the deployer is not the preview deployer, so you can leave an empty string ('') instead
# studio.serverless.delivery.deployer.target.localRepoPath: ${env:CRAFTER_DATA_DIR}/repos/aws/{siteName}
# Parameters for the target template. Please check the deployer template documentation for the possible parameters.
# The following parameters will be sent automatically, and you don't need to specify them: env, site_name, replace,
# disable_deploy_cron, local_repo_path, repo_url, use_crafter_search
# studio.serverless.delivery.deployer.target.template.params:
#   # The delivery search endpoint (optional is authoring is using the same one, specified in the SEARCH_URL env variable)
#   search_url:
#   aws:
#     # AWS region (optional if specified through default AWS chain)
#     region: us-east-1
#     # AWS access key (optional if specified through default AWS chain)
#     default_access_key:
#     # AWS secret key (optional if specified through default AWS chain)
#     default_secret_key:
#     cloudformation:
#       # AWS access key (optional if aws.accessKey is specified)
#       access_key:
#       # AWS secret key (optional if aws.secretKey is specified)
#       secret_key:
#       # Namespace to use for CloudFormation resources (required when target template is aws-cloudformed-s3)
#       namespace: myorganization
#       # The domain name of the serverless delivery LB (required when target template is aws-cloudformed-s3)
#       deliveryLBDomainName:
#       # The SSL certificate ARN the CloudFront CDN should use (optional when target template is aws-cloudformed-s3)
#       cloudfrontCertificateArn:
#       # The alternate domains names (besides *.cloudfront.net) for the CloudFront CDN (optional when target template is aws-cloudformed-s3)
#       alternateCloudFrontDomainNames:

Validations Regex 

Since 4.0.3

CrafterCMS validates API requests related with users and groups through regex restrictions to avoid malicious payloads.

The following section of Studio’s configuration overrides allows you to configure the regex used for validating user names and group names to suit your needs.

CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml

##########################################################
##                  Input Validations                   ##
##########################################################
# These properties override default validation regex patterns
# from crafter common validations.
# Key should have the form `studio.validation.regex.KEY_NAME`
# Value should be a valid java regex.
#
# studio.validation.regex.HTTPParameterName: "^[a-zA-Z0-9_\\-]{1,32}$"
# studio.validation.regex.SITEID: "^[a-z0-9\-_]*$"
# studio.validation.regex.EMAIL: "^([\\w\\d._\\-#])+@([\\w\\d._\\-#]+[.][\\w\\d._\\-#]+)+$"
# studio.validation.regex.USERNAME: "^[a-zA-Z][\\w.\\-@+]+$"
# studio.validation.regex.GROUP_NAME: "^[a-zA-Z][\\w.\\-]*$"
# studio.validation.regex.ALPHANUMERIC: "^[a-zA-Z0-9]*$"
# studio.validation.regex.SEARCH_KEYWORDS: "^[\\w\\s\\-\\\"\\.\\*]*$"
# studio.validation.regex.CONTENT_PATH_WRITE: "^/?([\\w\\- ]+/?)*(((crafter\\-level\\-descriptor\\.level)|([\\w\\- ]))+\\.[\\w]+)?$"
# studio.validation.regex.CONTENT_PATH_READ: "^/?([\\w\\p{IsLatin}@$%^&{}\\[\\]()+\\-=,.:~'`]+(\\s*[\\w\\p{IsLatin}/@$%^&{}\\[\\]()+\\-=,.:~'`])*(/?))*$"
# studio.validation.regex.CONTENT_FILE_NAME_WRITE: "^((crafter\\-level\\-descriptor\\.level)|([a-z0-9_\\-])+)\\.xml$"
# studio.validation.regex.CONFIGURATION_PATH: "^([a-z0-9\\-_/]+([.]*[a-z0-9\\-_])+)*(\\.[\w]+)?/?$"

Commit Message 

Here are the default commit messages when someone makes content changes and can be customized by overriding them using one of the override files.

# Repository commit prologue message
studio.repo.commitMessagePrologue:
# Repository commit postscript message
studio.repo.commitMessagePostscript:
# Sandbox repository write commit message
studio.repo.sandbox.write.commitMessage: "User {username} wrote content {path}"
# Published repository commit message
studio.repo.published.commitMessage: "Publish event triggered by {username} on {datetime} via {source}.\n\nPublish note from user: \"{message}\"\n\nCommit ID: {commit_id}\n\nPackage ID: {package_id}"
# Commit message to mark commit not to process when syncing database
studio.repo.syncDB.commitMessage.noProcessing: "STUDIO: NO PROCESSING"
# Create new repository commit message
studio.repo.createRepository.commitMessage: "Create new repository."
# Create sandbox branch commit message
studio.repo.createSandboxBranch.commitMessage: "Create {sandbox} branch."
# Initial commit message
studio.repo.initialCommit.commitMessage: "Initial commit."
# Create as orphan commit message
studio.repo.createAsOrphan.commitMessage: "Created as orphan."
# Blueprints updated commit message
studio.repo.blueprintsUpdated.commitMessage: "Blueprints updated."
# Create folder commit message
studio.repo.createFolder.commitMessage: "Created folder site: {site} path: {path}"
# Delete content commit message
studio.repo.deleteContent.commitMessage: "Delete file {path}"
# Move content commit message
studio.repo.moveContent.commitMessage: "Moving {fromPath} to {toPath}"
# Copy content commit message
studio.repo.copyContent.commitMessage: "Copying {fromPath} to {toPath}"

Publishing Blacklist 

CrafterCMS allows creating a publishing blacklist to prevent certain unwanted items from being published.

A comma separated list of regexes is used to configure items that should not be published.

To configure the publishing blacklist, using your favorite editor open CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml or open the Global Studio Configuration Override file studio-config-override.yaml located under CRAFTER_HOME/data/repos/global/configuration that can be accessed from Studio from the Main Menu under Global Config.

Add the following lines with the regex for the item you wish not to be published. By default, .keep files are not published by CrafterCMS. Just add a , then your regex after .*/\.keep:

studio-config-override.yaml

# Publishing blacklist configuration, items matching regexes on this list will never be published
studio.configuration.publishing.blacklist.regex: >-
.*/\.keep

Items in the publishing blacklist will not be published but will instead be marked as published and logged (debug level) in the tomcat log, why the item was not published.

[DEBUG] 2021-04-22T08:16:01,023 [studio.clockTaskExecutor-42] [deployment.PublishingManagerImpl] | File /static-assets/css/.keep of the site mysite will not be published because it matches the configured publishing blacklist regex patterns.

Example

Let’s take a look at an example.

Create a site using the website editorial blueprint, then create the folder mytempimages under /static-assets/images.

Say, you do not want files under /static-assets/images/mytempimages to be published when a user performs a bulk publish or Approve & Publish of multiple items from the dashboard. We’ll add to the studio.configuration.publishing.blacklist.regex the regex for items under /static-assets/images/mytempimages

studio-config-override.yaml

# Publishing blacklist configuration, items matching regexes on this list will never be published
studio.configuration.publishing.blacklist.regex: >-
.*/\.keep,\/static-assets\/images\/mytempimages\/.*

Save your changes and restart Studio.

Upload an image under /static-assets/images/mytempimages

System Administrator - Publishing blacklist example file uploaded that will not be published"

Publish the uploaded image by right-clicking on the image, then select Approve & Publish. The Approve for Publish dialog will open up. Select Items should be published now, then click on the Submit button.

After publishing, open the Sidebar again and navigate to /static-assets/images/mytempimages. Notice that your file has been marked published.

System Administrator - Publishing blacklist example file published"

Let’s take a look at the tomcat log, notice that it was logged that the file we uploaded will not be published because it is in the publishing blacklist:

Tomcat log of item in publishing blacklist

[INFO] 2021-04-22T12:48:24,903 [studio.clockTaskExecutor-36] [job.StudioPublisherTask] | Starting publishing on environment live for site mysite
[DEBUG] 2021-04-22T12:48:28,990 [studio.clockTaskExecutor-36] [deployment.PublishingManagerImpl] | Environment is live, transition item to LIVE state mysite:/static-assets/images/mytempimages/26072150271_848c0008f0_o.jpg
[DEBUG] 2021-04-22T12:48:28,992 [studio.clockTaskExecutor-36] [deployment.PublishingManagerImpl] | File /static-assets/images/mytempimages/26072150271_848c0008f0_o.jpg of the site mysite will not be published because it matches the configured publishing blacklist regex patterns.
[INFO] 2021-04-22T12:48:29,014 [studio.clockTaskExecutor-36] [job.StudioPublisherTask] | Finished publishing environment live for site mysite

Timeouts 

Changing the Session Timeout

CrafterCMS has configurable timeouts for session lifetime and session inactivity.

Session lifetime timeout is the amount of time a session is valid before requiring the user to re-authenticate.

Session inactivity timeout is the amount of time of user inactivity before requiring the user to re-authenticate.

In some cases, some operations in CrafterCMS may last longer than the user session inactivity timeout settings. For this scenario, the session inactivity timeout will need to be modified to allow the operation to finish without the session timing out. Also, you may want to change the timeouts from the default settings.

Here’s a summary of the session timeouts available in CrafterCMS:

Timeout Name	Default Value (in minutes)	Description
`sessionTimeout`	480	Studio session lifetime timeout Location: CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml The amount of time a session is valid counting from when a user is logged in. After this amount of time,a session timeout will be forced in the application layer even if the user is active.
`inactivityTimeout`	30	Studio session inactivity timeout Location: CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml The amount of time of user inactivity, tracked by Studio, before requiring the user to re-authenticate. Remember to set the `inactivityTimeout` value less than the `session-timeout` value in the `web.xml` file. The session inactivity time tracked by Studio is different from the session inactivity time tracked by Tomcat. This is because there are some API calls that are not tracked as active by Studio.
`session-timeout`	30	Tomcat session timeout Location: CRAFTER_HOME/bin/apache-tomcat/webapps/studio/WEB-INF/web.xml The amount of time of user inactivity, tracked by Tomcat, before requiring the user to re-authenticate. This value must be greater than or equal to `inactivityTimeout` since that timeout can and does kick in before this one.

Change Session Lifetime Timeout

To change the session lifetime timeout, in your CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml, change the value for studio.security.sessionTimeout to desired amount of time the session is valid in minutes for users.

# Time in minutes after which active users will be required to login again
# studio.security.sessionTimeout: 480

Make sure to stop and restart Studio after making your changes.

Change Session Inactivity Timeout

There are two timeouts you can configure for the session inactivity timeout as described in the above table.

session-timeout in the Tomcat web.xml file This is the default Tomcat timeout for handling idle connections (inactive)
inactivityTimeout in the Studio override configuration file This is the Studio session inactivity timeout

To change the session inactivity timeout, follow the instructions below:

In your CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension/studio-config-override.yaml, change the value for studio.security.inactivityTimeout to set the amount of time in minutes the amount of time a user can be inactive before the user’s session times out.
```
# Time in minutes after which inactive users will be required to login again
# studio.security.inactivityTimeout: 30
```
In your CRAFTER_HOME/bin/apache-tomcat/webapps/studio/WEB-INF/web.xml file, change the value in between the session-timeout tags to desired amount of time the session will exist in minutes:
```
<session-config>
  <session-timeout>30</session-timeout>
  <tracking-mode>COOKIE</tracking-mode>
    </session-config>
```

Remember to keep the Studio session inactivity timeout inactivityTimeout from the studio-config-override.yaml file less than the Tomcat session-timeout from the CRAFTER_HOME/bin/apache-tomcat/webapps/studio/WEB-INF/web.xml file.

Make sure to stop and restart Studio after making your changes.

You can also change the Studio session timeouts from the Main Menu in Studio under Global Config

Studio Multi-environment Support 

To setup a Studio environment, do the following:

Create a folder under CRAFTER_HOME/data/repos/sites/${site}/sandbox/config/studio called env
Inside the folder, create a directory called myenv (or whatever you want to call the environment)
Copy the configuration file you want to override in the new environment you are setting up, inside your myenv folder following the folder structure under config/studio.
Remember to commit the files copied so Studio will pick it up.

In the crafter-setenv.sh file in TOMCAT/bin set the following property to desired environment:

CRAFTER_HOME/bin/crafter-setenv.sh

# -------------------- Configuration variables --------------------
export CRAFTER_ENVIRONMENT=${CRAFTER_ENVIRONMENT:=myenv}

Restart Studio

Example 

Let’s take a look at an example of creating a new environment, called mycustomenv with the rte-setup-tinymce5.xml file overridden in the new environment:

We’ll create a folder called env under CRAFTER_HOME/data/repos/site/my-awesome-editorial/sandbox/config/studio

data/
  repos/
    sites/
      my-awesome-editorial/
        sandbox/
          config/
            studio/
              administration/
              content-types/
              data-sources/
              dependency/
              env/
              permission-mappings-config.xml
              role-mappings-config.xml
              site-config.xml
              studio_version.xml
              translation-config.xml
              ui.xml
              workflow/

Inside the env folder, create a directory called mycustomenv
We will now copy the configuration file for the ui.xml that we want to override in the new environment we are setting up, inside our mycustomenv folder, following the folder structure under config/studio. For our example, the ui.xml file is under config/studio/:
env/ mycustomenv/ ui.xml

Remember to commit the files copied so Studio will pick it up.

➜  sandbox git:(master) ✗ git add .
➜  sandbox git:(master) ✗ git commit -m "Add updated ui.xml file for mycustomenv"

Open the crafter-setenv.sh file in TOMCAT/bin and set the value of CRAFTER_ENVIRONMENT to the environment we setup above to make it the active environment:
CRAFTER_HOME/bin/crafter-setenv.sh
# -------------------- Configuration variables -------------------- export CRAFTER_ENVIRONMENT=${CRAFTER_ENVIRONMENT:=mycustomenv}
Restart Studio. To verify our newly setup environment, open the Sidebar and click on , then select Configuration. Notice that the active environment mycustomenv will be displayed on top of the configurations list:

Access and Permissions 

To configure access to Crafter Studio beyond adding groups and users, you’ll need to configure the following files:

Global Permission Mappings Config 

The global permission mappings configuration file lets you configure the permissions to a role globally for the entire application

Permissions per project are managed within Crafter Studio’s UI. See Permission Mappings for more information on project permissions.

Here’s the default global permissions configuration (click on the triangle on the left to expand/collapse). It contains the permissions mappings for the roles defined in the global role mappings configuration file. To access the file, using your favorite editor, navigate to CRAFTER_HOME/data/repos/global/configuration/ then open the file global-permission-mappings-config.xml. Remember to restart CrafterCMS so your changes to the file will take effect.

Sample "permission-mappings-config.xml"

CRAFTER_HOME/data/repos/global/configuration/global-permission-mappings-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright (C) 2007-2022 Crafter Software Corporation. All Rights Reserved.
  ~
  ~ This program is free software: you can redistribute it and/or modify
  ~ it under the terms of the GNU General Public License version 3 as published by
  ~ the Free Software Foundation.
  ~
  ~ This program is distributed in the hope that it will be useful,
  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  ~ GNU General Public License for more details.
  ~
  ~ You should have received a copy of the GNU General Public License
  ~ along with this program.  If not, see <http://www.gnu.org/licenses/>.
  -->

<!--
    This file contains global permissions configuration for Crafter Studio. Permissions per site are managed
    within Crafter Studio's UI.

    The structure of this file is:
    <permissions>
        <site id="###GLOBAL###"> (global management)
            <role name="">
                <rule regex="/.*">
                    <allowed-permissions>
                        <permission>Read</permission>
                        <permission>Write</permission>
                        <permission>Delete</permission>
                        <permission>Create Folder</permission>
                         <permission>Publish</permission>
                    </allowed-permissions>
                </rule>
            </role>
        </site>
    </permissions>

    This binds a set of permissions to a role globally for the entire application.
-->
<permissions>
    <role name="system_admin">
        <rule regex="/.*">
            <allowed-permissions>
                <permission>content_read</permission>
                <permission>content_copy</permission>
                <permission>content_write</permission>
                <permission>folder_create</permission>
                <permission>publish</permission>
                <permission>create_site</permission>
                <permission>read_groups</permission>
                <permission>create_groups</permission>
                <permission>update_groups</permission>
                <permission>delete_groups</permission>
                <permission>read_users</permission>
                <permission>create_users</permission>
                <permission>update_users</permission>
                <permission>delete_users</permission>
                <permission>read_cluster</permission>
                <permission>create_cluster</permission>
                <permission>update_cluster</permission>
                <permission>delete_cluster</permission>
                <permission>audit_log</permission>
                <permission>read_logs</permission>
                <permission>add_remote</permission>
                <permission>list_remotes</permission>
                <permission>pull_from_remote</permission>
                <permission>push_to_remote</permission>
                <permission>rebuild_database</permission>
                <permission>remove_remote</permission>
                <permission>s3_read</permission>
                <permission>s3_write</permission>
                <permission>content_delete</permission>
                <permission>webdav_read</permission>
                <permission>webdav_write</permission>
                <permission>write_configuration</permission>
                <permission>write_global_configuration</permission>
                <permission>encryption_tool</permission>
                <permission>get_children</permission>
                <permission>edit_site</permission>
                <permission>manage_access_token</permission>
                <permission>search_plugins</permission>
                <permission>list_plugins</permission>
                <permission>install_plugins</permission>
                <permission>remove_plugins</permission>
                <permission>delete_site</permission>
                <permission>unlock_repository</permission>
                <permission>item_unlock</permission>
                <permission>publish_status</permission>
                <permission>repair_repository</permission>
                <permission>content_search</permission>
                <permission>view_logs</permission>
                <permission>view_log_levels</permission>
                <permission>configure_log_levels</permission>
                <permission>content_create</permission>
                <permission>get_publishing_queue</permission>
                <permission>cancel_publish</permission>
                <permission>change_content_type</permission>
                <permission>site_status</permission>
                <permission>resolve_conflict</permission>
                <permission>site_diff_conflicted_file</permission>
                <permission>commit_resolution</permission>
                <permission>cancel_failed_pull</permission>
                <permission>publish_clear_lock</permission>
            </allowed-permissions>
        </rule>
    </role>
    <role name="site_admin">
        <rule regex="/.*">
            <allowed-permissions>
                <permission>search_plugins</permission>
            </allowed-permissions>
        </rule>
    </role>
</permissions>

Description

List of available permissions

Permission	Description
add_remote	User is permitted to add a remote repository
audit_log	User is permitted to access the audit log
cancel_failed_pull	User is permitted to cancel a failed pull from a repository
cancel_publish	User is permitted to cancel a publish request
change_content_type	User is permitted to change content type
commit_resolution	User is permitted to commit resolution
configure_log_levels	User is permitted to configure log levels
content_copy	User is permitted to copy content
content_create	User is permitted to create new content
content_delete	User is permitted to delete content
content_read	User is permitted to read content
content_search	User is permitted to search for content
content_write	User is permitted to edit content
folder_create	User is permitted to create new folder
create_cluster	User is permitted to create cluster
create_groups	User is permitted to create new groups
create_users	User is permitted to create new users
create_site	User is permitted to create projects
delete_site	User is permitted to delete projects
delete_cluster	User is permitted to delete clusters
delete_groups	User is permitted to delete groups
delete_users	User is permitted to delete users
edit_site	User is permitted to edit sites
encryption_tool	User is permitted to access the encryption tool
get_children	User is permitted to call getChildren* APIs for browsing project content
get_publishing_queue	User is permitted to get the list of packages in the publishing queue
install_plugins	User is permitted to install plugins
item_unlock	User is permitted to unlock items
list_plugins	User is permitted to list installed plugins
list_remotes	User is permitted to list remote repositories for a project
manage_access_token	User is permitted to manage the access tokens
publish	User is permitted to approve submitted content for publishing or publish content
publish_status	User is permitted to get the publishing status
publish_clear_lock	User is permitted to clear publishing locks
pull_from_remote	User is permitted to pull content from remote repository to project content repository
push_to_remote	User is permitted to push content to remote repository from project content repository
read_configuration	user is permitted to read configuration content for project
read_cluster	User is permitted to read cluster
read_groups	User is permitted to read groups
read_logs	User is permitted to read logs
read_users	User is permitted to read users
rebuild_database	User is permitted to rebuild Crafter Studio’s database and object state with the underlying repository
remove_plugins	User is permitted to remove installed plugins
remove_remote	User is permitted to remove remote repository from project content repository
repair_repository	User is permitted to repair the repository
resolve_conflict	User is permitted to resolve a conflict for a file by accepting ours or theirs
s3_read	User is permitted to get a list of items from an S3 bucket
s3_write	User is permitted to upload a file to an S3 bucket
search_plugins	User is permitted to search for plugins
set_item_states	User is permitted to set item states
site_diff_conflicted_file	User is permitted to get the difference between `ours` and `theirs` for a conflicted file for a project
site_status	User is permitted to get status of repository for a project
start_stop_publisher	User is permitted to start/stop the publisher
unlock_repository	User is permitted to unlock the repository
update_cluster	User is permitted to update cluster
update_groups	User is permitted to update groups
update_users	User is permitted to update users
view_logs	User is permitted to view logs
view_log_levels	User is permitted to view log levels
webdav_read	User is permitted to get a list of items from a WebDAV server
webdav_write	User is permitted to upload a file to a WebDAV server
write_configuration	User is permitted to write configuration content for project
write_global_configuration	User is permitted to write global configuration content for Studio

where:

/permissions/site/role@name Role name
/permissions/site/role/rule@regex Regular expression to filter paths where permission is applied. The value regex="~DASHBOARD~" is a special regular expression applied for content displayed in dashboard widgets only
/permissions/site/role/rule/allowed-permissions/permission Allowed permission for role and rule (possible values given in the table above)

Global Role Mappings Config 

The global role mappings config contains the role mappings for groups created in CrafterCMS that needs global permissions. For more information on groups, see Groups Management

To access the global role mappings config file, using your favorite editor, navigate to CRAFTER_HOME/data/repos/global/configuration/ then open the file global-role-mappings-config.xml. Remember to restart Crafter so your changes to the file will take effect.

Here’s the default global role mappings configuration (click on the triangle on the left to expand/collapse):

Sample "global-role-mappings-config.xml"

CRAFTER_HOME/data/repos/global/configuration/global-role-mappings-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright (C) 2007-2022 Crafter Software Corporation. All Rights Reserved.
  ~
  ~ This program is free software: you can redistribute it and/or modify
  ~ it under the terms of the GNU General Public License version 3 as published by
  ~ the Free Software Foundation.
  ~
  ~ This program is distributed in the hope that it will be useful,
  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  ~ GNU General Public License for more details.
  ~
  ~ You should have received a copy of the GNU General Public License
  ~ along with this program.  If not, see <http://www.gnu.org/licenses/>.
  -->

<!--


-->

<role-mappings>
    <groups>
        <group name="system_admin">
            <role>system_admin</role>
        </group>
        <group name="site_admin">
            <role>site_admin</role>
        </group>
    </groups>
</role-mappings>

Default Global Role

CrafterCMS comes with a predefined global role system_admin out of the box.

Users with the system_admin role have access to everything in the CMS such as all the modules in the Main Menu for managing users, groups, etc., all the sites and configuration files, creating/editing layouts, templates, taxonomies, content types, scripts, etc. in addition to creating and editing content, as well as the ability to approve and reject workflow.

See Global Permission Mappings Config for more information on all items accessible for the system_admin role.

Global Menu Config 

The Global Menu Config configuration file defines what modules are available for administration use when clicking on the Navigation Menu from the top bar.

To see the default modules available from the Navigation Menu, see Navigating the Navigation Menu

Here is the default Global Menu Config configuration file (click on the triangle on the left to expand/collapse). To access the file, using your favorite editor, navigate to CRAFTER_HOME/data/repos/global/configuration/ then open the file global-menu-config.xml. Remember to restart Crafter so your changes to the file will take effect.

Sample "global-menu-config.xml"

CRAFTER_HOME/data/repos/global/configuration/global-menu-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright (C) 2007-2022 Crafter Software Corporation. All Rights Reserved.
  ~
  ~ This program is free software: you can redistribute it and/or modify
  ~ it under the terms of the GNU General Public License version 3 as published by
  ~ the Free Software Foundation.
  ~
  ~ This program is distributed in the hope that it will be useful,
  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  ~ GNU General Public License for more details.
  ~
  ~ You should have received a copy of the GNU General Public License
  ~ along with this program.  If not, see <http://www.gnu.org/licenses/>.
  -->

<!--
    This file contains global menu configuration for Crafter Studio.
	The global menu shows up as the first screen after a user logs in
	and displays a list of tools for the user including the list of sites.

    The structure of this file is:
	<globalMenu>
		<items>
			<item>
				<id />
				<label />
				<icon />
				<permission />
			</item>
		</items>
	</globalMenu>

-->

<globalMenu>
    <items>
        <item>
            <id>home.globalMenu.sites</id>
            <label lang="en">Sites</label>
            <icon>fa-sitemap</icon>
            <permission>*</permission>
        </item>
        <item>
            <id>home.globalMenu.users</id>
            <label lang="en">Users</label>
            <icon>fa-user</icon>
            <permission>create_users</permission>
        </item>
        <item>
            <id>home.globalMenu.groups</id>
            <label lang="en">Groups</label>
            <icon>fa-users</icon>
            <permission>create_groups</permission>
        </item>
        <item>
            <id>home.globalMenu.audit</id>
            <label lang="en">Audit</label>
            <icon>fa-bars</icon>
            <permission>audit_log</permission>
        </item>
        <item>
            <id>home.globalMenu.logging-levels</id>
            <label lang="en">Logging Levels</label>
            <icon>fa-level-down</icon>
            <permission>read_logs</permission>
        </item>
        <item>
            <id>home.globalMenu.log-console</id>
            <label lang="en">Log Console</label>
            <icon>fa-align-left</icon>
            <permission>read_logs</permission>
        </item>
        <item>
            <id>home.globalMenu.globalConfig</id>
            <label lang="en">Global Config</label>
            <icon>fa-globe</icon>
            <permission>write_global_configuration</permission>
        </item>
        <item>
            <id>home.globalMenu.encryptionTool</id>
            <label lang="en">Encryption Tool</label>
            <icon>fa-lock</icon>
            <permission>encryption_tool</permission>
        </item>
        <item>
            <id>home.globalMenu.tokenManagement</id>
            <label lang="en">Token Management</label>
            <icon>fa-key</icon>
            <permission>manage_access_token</permission>
        </item>
    </items>
</globalMenu>