Roles and permissions
Uniform gives you the ability to control who can use specific components and how they can be used. This is configured using role-based permissions.
Roles are defined at the team level, but are assigned to users on a per-project basis. This means that a user may be assigned a certain role on one project and a different role on another project.
Permissions are assigned to components by role. This means that if two users are assigned to different roles in the project, they may have different permissions on each component in the project.
About access control#
Uniform functionality is always performed by either a user or an API key. Therefore, access control is applied to users and API keys.
- Access control is set on the project level. This enables a specific user or API key to be granted permissions on a per-project basis.
- Access control is granted in one of two ways: roles or custom permissions.
- If roles are used, the permissions assigned role(s) are granted.
- If custom permissions are used, the custom permissions are granted.
Permissions#
Permissions are assigned to composition components to control which roles can create different compositions. Custom permissions enable more granular control over access to composition components. After configuring users and roles, team administrators can navigate to a composition component in Canvas, choose the permissions tab, and add role-based permissions to the component.
Roles#
Roles are a reusable collection of permissions that are defined on a team and are assigned to users and API keys.
The following roles are added to a team by default when the team is created:
| Product | Permission category | Permission | Developer | Editor | Viewer |
|---|---|---|---|---|---|
| Canvas | Components/ Content Types / AI Prompts | Manage | yes | no | no |
| Canvas | Compositions / Entries / Assets | Create | yes | yes | no |
| Canvas | Compositions / Entries / Assets | Delete | yes | yes | no |
| Canvas | Compositions / Entries / Assets | Publish | yes | no | no |
| Canvas | Compositions / Entries / Assets | Read Draft | yes | yes | yes |
| Canvas | Compositions / Entries / Assets | Read Published | yes | yes | yes |
| Canvas | Compositions / Entries / Assets | Update | yes | yes | no |
| Canvas | Data sources | Manage | yes | yes | no |
| Canvas | Data types | Manage | yes | yes | no |
| Canvas | Project map | Manage | yes | yes | no |
| Canvas | Redirects | Manage | yes | yes | no |
| Canvas | Releases | Create | yes | yes | no |
| Canvas | Releases | Delete | yes | no | no |
| Canvas | Releases | Launch | yes | no | no |
| Canvas | Releases | Update | yes | yes | no |
| Context | Read Drafts | yes | yes | yes | |
| Context | Enrichments | Create | yes | yes | no |
| Context | Enrichments | Delete | yes | yes | no |
| Context | Enrichments | Update | yes | yes | no |
| Context | Intents & Audiences | Create | yes | yes | no |
| Context | Intents & Audiences | Delete | yes | yes | no |
| Context | Intents & Audiences | Update | yes | yes | no |
| Context | Manifest | Publish | yes | no | no |
| Context | Manifest | Read | yes | yes | yes |
| Context | Quirks | Create | yes | yes | no |
| Context | Quirks | Delete | yes | yes | no |
| Context | Quirks | Update | yes | yes | no |
| Context | Signals | Create | yes | yes | no |
| Context | Signals | Delete | yes | yes | no |
| Context | Signals | Update | yes | yes | no |
| Context | Tests | Create | yes | yes | no |
| Context | Tests | Delete | yes | yes | no |
| Context | Tests | Update | yes | yes | no |
tip
Team admins can change or delete these roles. They're added for convenience and aren't required in order for Uniform to function.
Common tasks#
Assign composition permissions#
You are able to assign permissions on composition components to control which roles are able to create, edit, and delete certain kinds of compositions.
Use case
If you are building a site with sensitive pages, such as those with legal information, you might want to restrict the ability to create these kinds of pages to certain users.
Permissions must be assigned to a composition component to allow team members or APIs to work with compositions. Custom permissions can extend how permissions are applied. To grant Create and Read access to compositions, the user must also have "Manage Component Library" access. Also, if a role or API has read access to a composition that has been personalized, they will have read access to context elements.
In Canvas > Composition library, open a component that's marked as a composition component.
Navigate to the tab Permissions.
Turn off the option Use team permissions.
About this step
When this option is enabled, any user with permission Compositions Create can create compositions using the composition component. Disabling this option allows you to override this setting to prevent users from being able to use this composition component.
Click Add permissions to component button.
Select the role you want the permissions to be applied to.
Select the permissions you want to be applied:
Permission Description Read View compositions created using the component. Write Make changes to and publish compositions created using the component. Create Create new compositions using the component. Delete Delete compositions created using the component. Click OK.
Click Save to save the changes to the component.
Create role#
You create a new user by inviting the person to Uniform.
- In Uniform, navigate to Security > Roles.
- Click the red Add role button.
- Enter the role's name
- Select the permissions you want to assign.
- Click Add Role.
Delete role#
Deleting a role enables you to remove the role from your Uniform team.
- In Uniform, navigate to Security > Roles.
- Click the name of the role you want to delete.
- Click Delete Role.
- Click OK.
Update role#
Editing a role enables you to change the permissions for the role.
- In Uniform, navigate to Security > Roles.
- Click the name of the role you want to edit.
- Select the permissions you want to assign.
- Click Save.