DEV Community

Hygraph profile image Jamie Barton
Jamie Barton for Hygraph

Posted on

4 6

Working with Custom Roles and Permissions at GraphCMS

#graphql #headlesscms #permissions #cms

At some point you'll want to invite others to contribute, review or manage content, and if you're an agency or large enterprise, you'll want to enable advanced permissions such as schema editing and environments across the development team.

That's why at GraphCMS we have a set of default roles available for you to use, and even the ability to create your own custom roles for ultimate granularity within your use case.

The default roles available are;

  • Contributor: Ability to create and update content.
  • Editor: Everything Contributor can do and delete content.
  • Developer: Can do everything Editor can, and create, update and delete models/enums.
  • Admin: Can do everything a Developer can, and manage teams, create and update projects.
  • Owner: Can do everything Admin can, and change billing and delete projects.

Once you're ready to invite a user, head your project settings and choose "Members" from the sidebar. It's here you can manage your team, custom roles and pending invites.

Let's go ahead and invite someone to our team...

Invite new user

All that's needed is an email and a role...

Invite user dialog

That's it! The invitee will then receive an email with a link to accept the invitation, and if the user is already a GraphCMS user, they will be able to see this project and their own in their project select screen after sign-in.

 Custom roles

But what about custom roles I hear you ask...

Well we've made it just as easy to create a custom role.

Custom roles list

Once you click + Create New, you'll be presented with a form to give the custom role a Name, Description and permissions picker.

To speed things up, you can copy permissions from another default or custom role, and then fine tune. Otherwise you can go ahead and select the required permissions.

For this example, we'll create a new custom role for API Access Commander. The purpose of this role is to only allow users of this role to create, read, update and deleting Permanent Auth Tokens, as well as Read stages and Read existing environments.

Create a Custom Role dialog

Now if I go ahead and invite a new user using the API Access Commander role, they'll be limited in what they can do once logged in!

Invite API Access Commander dialog

📌 Don't forget to add Read stages and Read existing environments to the accepted permissions.

That's it! When the invited user logs in they'll notice a restricted sidebar.

GraphCMS sidebar

profile
Heroku
 Promoted

Heroku

Build AI apps faster with Heroku.

Heroku makes it easy to build with AI, without the complexity of managing your own AI services. Access leading AI models and build faster with Managed Inference and Agents, and extend your AI with MCP.

Get Started

Top comments (0)

profile
TigerData (Creators of TimescaleDB)
 Promoted

Tiger Data image

🐯 🚀 Timescale is now TigerData: Building the Modern PostgreSQL for the Analytical and Agentic Era

We’ve quietly evolved from a time-series database into the modern PostgreSQL for today’s and tomorrow’s computing, built for performance, scale, and the agentic future.

So we’re changing our name: from Timescale to TigerData. Not to change who we are, but to reflect who we’ve become. TigerData is bold, fast, and built to power the next era of software.

Read more

👋 Kindness is contagious

Dive into this thoughtful piece, beloved in the supportive DEV Community. Coders of every background are invited to share and elevate our collective know-how.

A sincere "thank you" can brighten someone's day—leave your appreciation below!

On DEV, sharing knowledge smooths our journey and tightens our community bonds. Enjoyed this? A quick thank you to the author is hugely appreciated.

Okay