Roles and permissions

Uniform uses role-based access control to manage what users and API keys can do in your projects.

A role is a reusable collection of permissions defined at the team level. When you add a user or API key to a project, you assign one or more roles to grant access. Since roles are assigned per project, the same user can have different roles on different projects.

Assigning multiple roles lets you create focused, single-purpose roles that combine to provide precise access control.

Permissions define what actions a role can perform. Uniform provides two ways to configure permissions for roles:

Default permissions apply to all projects that don't have specific project policies configured. They serve as the fallback permissions for a role.

Default permissions are ideal for roles that need simple, broad access without granular control. For example, a Developer role typically has admin-like permissions across all projects and doesn't require fine-grained restrictions on specific entities.

For instructions on configuring default permissions, see manage default permissions.

Project policies override default permissions

When a role has a project policy configured for a specific project, default permissions for that role are ignored. The project policy becomes the sole source of permissions for that role in that project.

Project policies grant or deny granular, project-specific permissions that can target specific entities such as compositions, entries, patterns, or content types. Project policies are better suited for roles that require entity-specific permissions, such as restricting an editor to only specific content types or compositions.

For detailed information about project policies, see project policies.

When a user or API key has multiple roles assigned to a project, Uniform evaluates their effective permissions as follows:

  • Any permission not explicitly granted is denied by default.
  • Effective permissions are the union of all granted permissions across all assigned roles. These granted permissions can come from default permissions and/or project policies.
  • If any role explicitly denies a permission, the deny takes precedence over allows from other roles.
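
The evaluation rules above, together with the rule that a project policy replaces a role's default permissions in that project, modeled as an added example (this is not Uniform's code or API). The role object shape, role names, permission strings, and project ids are hypothetical.

```javascript
// Added example: models the evaluation rules on this page; not Uniform's code.
// The role object shape, permission strings and project ids are hypothetical.

// What one role contributes in one project. A project policy, when present
// for that project, replaces the role's default permissions entirely.
// Assumption: only project policies carry deny rules.
function rulesFor(role, projectId) {
  const policy = (role.projectPolicies || {})[projectId];
  if (policy) return { allow: policy.allow || [], deny: policy.deny || [] };
  return { allow: role.defaultPermissions || [], deny: [] };
}

// Decide one permission and report which roles granted or denied it.
function evaluate(roles, projectId, permission) {
  const grantedBy = [];
  const deniedBy = [];
  for (const role of roles) {
    const { allow, deny } = rulesFor(role, projectId);
    if (allow.includes(permission)) grantedBy.push(role.name);
    if (deny.includes(permission)) deniedBy.push(role.name);
  }
  let reason = 'not granted by any role (default deny)';
  if (deniedBy.length > 0) reason = 'explicit deny takes precedence';
  else if (grantedBy.length > 0) reason = 'granted';
  const allowed = deniedBy.length === 0 && grantedBy.length > 0;
  return { allowed, reason, grantedBy, deniedBy };
}

// Constructed sample roles assigned to one user.
const sampleRoles = [
  { name: 'Content Editor',
    defaultPermissions: ['compositions:update', 'entries:update'],
    projectPolicies: { 'project-a': { allow: ['entries:update'] } } },
  { name: 'Publisher', defaultPermissions: ['compositions:publish'] },
  { name: 'Freeze',
    projectPolicies: { 'project-a': { deny: ['compositions:publish'] } } },
];

for (const [project, perm] of [
  ['project-a', 'compositions:publish'], // denied: Freeze overrides Publisher
  ['project-b', 'compositions:publish'], // granted: Freeze has no policy here
  ['project-a', 'compositions:update'],  // denied: policy replaced the defaults
  ['project-b', 'releases:launch'],      // denied: no role grants it
]) {
  const r = evaluate(sampleRoles, project, perm);
  console.log(project, perm, r.allowed ? 'ALLOW' : 'DENY', '-', r.reason);
}
```

The `grantedBy` and `deniedBy` lists show which role produced a decision, which is the question that becomes hard to answer once several roles are combined.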
Roles list page showing available roles of a team

When a team is created, Uniform automatically adds three default roles: Developer, Editor, and Viewer. These built-in roles are intended to cover the most common access needs out of the box. In addition, they are available as starter presets whenever you create a new custom role or configure default permissions or project policies.

The following sections describe the permissions for each role:

The Developer role has full access to all Uniform features and is designed for technical team members who need complete control over projects.

Permissions:

  • Manage components, content types, and AI prompts
  • Create, update, delete, and publish all content (compositions, entries, assets)
  • Manage data sources, data types, project maps, and redirects
  • Complete control over releases (create, update, delete, and launch)
  • Create, update, and delete enrichments, intents & audiences, quirks, signals, and tests
  • Publish manifests and read both draft and published content

The Editor role is designed for content creators and provides broad access to content management with limited administrative capabilities.

Permissions:

  • Create, update, and delete content (compositions, entries, assets)
  • Read both draft and published content
  • Manage data sources, data types, project maps, and redirects
  • Create and update releases (but cannot delete or launch them)
  • Create, update, and delete enrichments, intents & audiences, quirks, signals, and tests
  • Read draft content and published manifests

Limitations:

  • Cannot manage components, content types, or AI prompts
  • Cannot publish content or manifests
  • Cannot delete or launch releases

The Viewer role provides read-only access across the platform and is ideal for stakeholders who need to review content without making changes.

Permissions:

  • Read both draft and published content (compositions, entries, assets)
  • Read published manifests and other platform content
  • No create, update, delete, or publish capabilities

Tip: Team admins can change or delete these roles. They're added for convenience and aren't required in order for Uniform to function. You can also use these roles as presets when creating new custom roles from the Add new dropdown.

You can create a new role from scratch or use one of the predefined presets as a starting point.

Create a role from scratch:

  1. In Uniform, navigate to Security > Roles.
  2. Click the Add new button.
  3. Enter the role's name and optionally a description.
  4. Configure the default permissions and project policies as needed.
  5. Click Save.

Create a role from a preset:

  1. In Uniform, navigate to Security > Roles.
  2. Click the dropdown arrow on the Add new button.
  3. Select one of the presets: Developer, Editor, or Viewer.
  4. The new role is created with preconfigured default permissions based on the selected preset.
  5. Modify the role name, description, and default permissions as needed.
  6. Click Save.
Create a role from a preset

You can duplicate an existing role to use it as a starting point for a new role.

  1. In Uniform, navigate to Security > Roles.
  2. Click the menu on the role you want to duplicate.
  3. Select Duplicate.
  4. A new role is created with the same permissions as the original.
  5. Modify the role name, description, and permissions as needed.
  6. Click Save.

Deleting a role removes it from your Uniform team.

  1. In Uniform, navigate to Security > Roles.
  2. Click the name of the role you want to delete.
  3. Click Delete Role.
  4. Click OK.

Editing a role enables you to change the permissions for the role.

  1. In Uniform, navigate to Security > Roles.
  2. Click the name of the role you want to edit.
  3. Modify the role name, description, default permissions, or project policies as needed.
  4. Click Save.
Role editor
  1. In Uniform, navigate to Security > Roles.

  2. Click the name of the role you want to configure.

  3. In the Project policies section, click Default permissions.

  4. Configure the permissions using the checkboxes. Permissions are organized into two main groups:

    Uniform Canvas

    • Uniform Canvas: Read access to canvas assets (always enabled)
    • AI Prompts: Manage AI prompts
    • Components: Manage component definitions
    • Compositions / Entries / Assets: Create, delete, publish, read published, and update
    • Content Types: Manage content type definitions
    • Data Sources: Manage data sources
    • Data Types: Manage data types
    • Project Map: Manage project maps and nodes
    • Redirects: Manage redirects
    • Releases: Create, delete, launch, and update

    Uniform Context

    • Uniform Context: Read drafts and preview manifest
    • Enrichments: Create, delete, and update
    • Intents & Audiences: Create, delete, and update
    • Quirks: Create, delete, and update
    • Signals: Create, delete, and update
    • Tests: Create, delete, and update
    • Manifest: Publish and read the manifest
  5. Click Ok to save the default permissions.

  6. Click Save to save the role.

Manage default permissions for a role

Tip: You can use Apply preset to quickly apply Developer, Editor, or Viewer permission sets, or use Select all / none to toggle all permissions.

For instructions on creating and managing project policies, see project policies.

Due to dependencies between entities in Uniform, it can be challenging to create a role from scratch. Use the permission presets as a starting point and then modify the permissions as needed.

You can assign multiple roles to a user on a project to create granular access control. This allows you to build focused, reusable roles that can be combined for specific use cases. For details on how permissions are resolved when roles are combined, see how permissions are evaluated.

Tips:

  • When combining roles, keep each role focused on a specific capability (e.g., "Content Editor", "Model Manager", "Release Manager"). Otherwise, it can be difficult to understand where a granted permission is coming from.
  • Use deny rules sparingly and only when you need to explicitly block access that would otherwise be granted.
  • Test combined role access with a test user.
  • Document your role combinations to help team admins understand how permissions are structured.

The recommended approach for testing role configurations is to create a dedicated test user account and assign them to the project with the roles you want to verify. This allows you to see exactly what a user with those roles will experience.

Note: It's not possible to simulate another user and their assigned roles as a team admin. You must log in as the test user to verify the role configuration.

  1. Create a test user account (or use an existing one).
  2. Assign the test user to the project with the roles you want to test.
  3. Use one of the following methods to test the role configuration:
    • Two different browsers: Open one browser logged in as the team admin and another browser logged in as the test user.
    • Browser profiles: Use different browser profiles (for example, Chrome Profiles) and open each profile in a separate window. Use one window for the admin session and another for the test user session.
  4. In the admin session, configure the role permissions.
  5. In the test user session, verify that the permissions work as expected by attempting to perform the actions that should be allowed or restricted.
  6. Iterate on the role configuration until the permissions match your requirements.

Project policies

Configure granular, entity-specific permissions for roles.

Common policy scenarios

Step-by-step examples for common permission configurations.

Users

Invite and manage team members and their project access.

API keys

Create and manage API keys for programmatic access.