Jhon

Feb 26, 2023

Roles and permissions

Organization roles vs space roles

Contentful's domain model has different roles at the organization level versus the space level. But what do we mean when we use the term role? In Contentful, roles are used to grant permissions for a group of users to see and perform tasks related to their job. For example, maybe a Freelancer can only edit content that they have created while an Author can edit any content that has been created.  Since we have both organization-level and space-level roles, it's important to take a moment to review the differences. Select the tabs below to explore more.

Organization Role

Organization roles are assigned when a user is invited to an organization.

    •    By default, the user who creates the organization is assigned the Owner role. 

    •    Every user in an organization needs, and can only have, one organization role.

For example, the image below shows a user with the organization role of Member.

Space Roles

• Space roles grant permissions to see and manage content within a space.

•  They can be assigned to both individual users and teams of users. 

•  If a user is a member of multiple spaces, they can have different roles for each space. 

•  If a user has an individual space role, and is also a member of a team with a space role, the user will be granted permissions from both roles. For example, the image below shows a user who belongs to two different spaces and has been assigned two different space roles (Author and Freelancer).

What are the specific roles?

There are specific roles at the organization-level versus the space-level. Select the tabs below to explore what roles are available at both the space level and organization level.

Organization Roles

There are four organization roles. Remember, every user in an organization can only have one organization role. 

• Owner - can manage everything at the organization level. There must always be at least one owner in an organization.

• Org Admin - can manage everything at the organization level except billing and subscription.

• Developer - can manage organizational development entities and can access spaces and teams they are added to.

• Member - can only access spaces and teams they are added to.

Most of the users in your space will be Members. Members can be assigned to a single space or multiple spaces across your organization.

Space Roles

There are five out-of-the-box roles that come with premium plans. The Space Admin can edit the permissions of the four other roles so the permissions described below for Author, Editor, Freelancer, and Translator are not fixed. These permissions simply represent what you get out-of-the-box.

• Space Admin - can do everything, including work with entries, create and update content types, configure space settings and work with API keys.

• Author - can create and edit content, but cannot publish/unpublish, archive/unarchive, or delete content.

• Editor - can do everything an author can do in addition to publish/unpublish, archive/unarchive, and delete content.

• Freelancer - can create content and edit the content created by themselves.

• Translator - can edit the content in the language they translate to, but can never modify the source content. They also can't create content. They cannot publish/unpublish, archive/unarchive, or delete content.

• Custom* - can have whatever permissions and access to content the Admin in the space sets up for them.

* Custom roles are only available on premium plan accounts. Space admin can create these custom roles.

Org admin vs space admin

You've probably noticed that we have two types of admins: Org Admins and Space Admins. It's easy to get these different admins mixed up and forget which role is responsible for which tasks.  Review their different responsibilities below: