Common scenarios for project policies
The following scenarios address common access control patterns using project policies. Use them as-is or customize for your specific requirements.
Tip: These scenarios can be combined by assigning multiple roles to a user. For example, a "Content editor" could also be assigned a "Release manager" role to gain release management capabilities.
Content editor
This is a comprehensive editor role that enables users to perform most editorial tasks in Uniform without the need to be a developer. In addition to the default "Editor" preset, it grants publishing permissions for compositions, entries, and component patterns.
Key characteristics:
- Full component pattern access: Editors can fully manage component patterns, allowing them to create custom reusable components or schedule individual components in releases.
- Read-only patterns: Composition patterns and entry patterns are read-only, as these are typically managed by developers or architects.
- Context dimensions: Editors can create and manage Context dimensions (signals, enrichments, quirks) and tests, but cannot publish the manifest.
| Permission | Granted |
|---|---|
| Compositions | Read draft, Read published, Create, Update, Delete, Publish |
| Composition patterns | Read draft, Read published |
| Component patterns | Read draft, Read published, Create, Update, Delete, Publish |
| Project map | Manage |
| Redirects | Read, Create, Update, Delete |
| Releases | Read, Create, Update, Delete, Launch |
| Entries | Read draft, Read published, Create, Update, Delete, Publish |
| Entry patterns | Read draft, Read published |
| Assets | Read, Create, Update, Delete |
| Components | Read |
| Content types | Read |
| Data sources | Read, Manage |
| Data types | Read, Manage |
| Manifest | Read draft, Read published |
| Signals | Read, Create, Update, Delete |
| Intents & audiences | Read, Create, Update, Delete |
| Enrichments | Read, Create, Update, Delete |
| Quirks | Read, Create, Update, Delete |
| Tests | Read, Create, Update, Delete |
What this role cannot do:
- Cannot publish the Context manifest (can only read draft and published versions)
- Cannot create or modify composition patterns or entry patterns
Editor with selective access
Use this role when editors need broad access but specific compositions or entries should be restricted. Useful for protecting critical content like the homepage or executive profiles.
This role uses Granted permissions for broad access, then Denied permissions to restrict specific items.
Granted permissions
Use the same granted permissions as the Content editor role.
Denied permissions
| Permission | Denied | Criteria |
|---|---|---|
| Compositions | Read draft, Read published, Create, Update, Delete, Publish | Specific compositions → Select restricted items (e.g., Homepage, Secret product launches) |
| Entries | Read draft, Read published, Create, Update, Delete, Publish | Specific entries → Select restricted items |
Note: With Denied permissions, you only need to maintain the list of restricted items. New compositions and entries automatically inherit access from the Granted permissions, so you don't need to update the policy as your project grows.
Blog editor
Use this role when users should only manage blog-related content, including both entry-based posts and bespoke composition-based posts with complex layouts.
Key characteristics:
- Layered composition access: Editors can view all compositions for linking purposes, edit specific blog-related compositions, and create new bespoke posts only from approved composition patterns.
- Pattern-based creation: New bespoke posts must be created from a designated composition pattern.
- Full entry management: Editors have complete control over blog entries (Posts, Categories) for standard posts.
- Release management: Editors can schedule and launch their blog posts using releases.
| Permission | Granted | Criteria |
|---|---|---|
| Compositions | Read draft, Read published | — |
| Compositions | Read draft, Read published, Update, Publish | Specific compositions → Select blog-related compositions that are needed for previewing the blog and posts |
| Compositions | Read draft, Read published, Create, Update, Delete, Publish | By composition pattern → Select "Custom blog post" pattern |
| Composition patterns | Read draft, Read published | By composition pattern → Select "Custom blog post" pattern |
| Component patterns | Read draft, Read published | — |
| Releases | Read, Create, Update, Delete, Launch | — |
| Entries | Read draft, Read published, Create, Update, Delete, Publish | By content type → Select blog content types |
| Components | Read | — |
| Content types | Read | — |
| Data sources | Read | — |
| Data types | Read | — |
Note: The layered composition permissions allow editors to view all compositions, edit specific blog pages, and create new posts only from approved patterns.
What this role cannot do:
- Cannot edit or delete compositions outside of the blog section
- Cannot create compositions without using an approved pattern
- Cannot manage components, content types, or data sources
- Cannot publish the Context manifest or manage personalization dimensions
Tip: This scenario can be adapted to any content type that powers dynamic compositions, such as products, press releases, or job postings.
Entry contributor
Use this role for users who manage a limited set of content types and need minimal training. Ideal for external consultants, regional managers, or occasional contributors.
| Permission | Granted | Criteria |
|---|---|---|
| Entries | Read draft, Read published, Create, Update, Delete, Publish | By content type → Select allowed content types |
| Assets | Read, Create, Update, Delete | — |
| Content types | Read | — |
| Releases | Read, Create, Update | — |
What this role cannot do:
- Cannot read or edit compositions. To allow entry preview, also grant read access to a few specific compositions.
- Cannot edit patterns, components, content types, or data sources
- Cannot manage redirects or Context dimensions
Pattern-only creator
Use this role when editors should manage content normally but must use predefined patterns when creating new compositions or entries. This ensures that common composition and content structures are enforced and provides a more guided authoring experience.
| Permission | Granted | Criteria |
|---|---|---|
| Compositions | Read draft, Read published, Update, Delete, Publish | — (broad access without Create) |
| Compositions | Read draft, Read published, Create, Update, Delete, Publish | By composition pattern → Select allowed patterns |
| Entries | Read draft, Read published, Update, Delete, Publish | — (broad access without Create) |
| Entries | Read draft, Read published, Create, Update, Delete, Publish | By entry pattern → Select allowed patterns |
| Assets | Read, Create, Update, Delete | — |
| Components | Read | — |
| Content types | Read | — |
| Data sources | Read | — |
| Data types | Read | — |
| Project map | Manage | — |
| Releases | Read, Create, Update, Delete, Launch | — |
Note: The Create permission is intentionally omitted at the broad level but granted with pattern criteria. This forces users to create new items from patterns only.
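The create-only-from-patterns layering of this role and the grant-then-deny layering of "Editor with selective access" can be checked with a small model before assigning either role. This is an added example, not Uniform's API or policy engine; the rule shape, action names, sample ids and pattern name are constructed, and it assumes that grant rules are additive and that a matching deny rule overrides any grant.

```javascript
// Illustrative model only: NOT Uniform's API or policy engine.
// Assumed semantics: grant rules are additive; any matching deny rule wins.

// A rule applies when entity and action match and, if it has criteria,
// every criterion key lists the item's value for that key.
function matches(rule, entity, action, item) {
  if (rule.entity !== entity || !rule.actions.includes(action)) return false;
  return Object.entries(rule.criteria ?? {})
    .every(([key, allowed]) => allowed.includes(item[key]));
}

function isAllowed(role, entity, action, item) {
  const denied = (role.denied ?? []).some(r => matches(r, entity, action, item));
  if (denied) return false;
  return role.granted.some(r => matches(r, entity, action, item));
}

const ALL = ["readDraft", "readPublished", "create", "update", "delete", "publish"];

// "Pattern-only creator": broad grant without create, plus a full grant
// scoped to approved patterns ("landing-page" is a constructed sample).
const patternOnlyCreator = {
  granted: [
    { entity: "composition", actions: ALL.filter(a => a !== "create") },
    { entity: "composition", actions: ALL, criteria: { pattern: ["landing-page"] } },
  ],
};

// "Editor with selective access": broad grant, then deny specific items
// ("homepage" is a constructed sample id).
const selectiveEditor = {
  granted: [{ entity: "composition", actions: ALL }],
  denied: [{ entity: "composition", actions: ALL, criteria: { id: ["homepage"] } }],
};

// Evaluate the cases the two scenarios are meant to separate.
function demo() {
  const check = (role, action, item) => isAllowed(role, "composition", action, item);
  return {
    createFromPattern: check(patternOnlyCreator, "create", { id: "new-1", pattern: "landing-page" }),
    createBlank: check(patternOnlyCreator, "create", { id: "new-2", pattern: null }),
    updateBlank: check(patternOnlyCreator, "update", { id: "old-1", pattern: null }),
    editHomepage: check(selectiveEditor, "update", { id: "homepage" }),
    editNewPage: check(selectiveEditor, "update", { id: "pricing" }),
  };
}
```

In this model, `createBlank` and `editHomepage` are the two negative cases worth re-testing whenever a policy changes: a blank composition must not be creatable, and a denied item must stay denied despite the broad grant.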
Experience assembler
Use this role when content is managed in external systems (CMS, DAM) and Uniform is used only for page assembly and experience orchestration. This is a common scenario when using Uniform as a digital experience composition platform (DXCP).
| Permission | Granted | Criteria |
|---|---|---|
| Compositions | Read draft, Read published, Create, Update, Delete, Publish | By composition pattern → Select allowed patterns |
| Composition patterns | Read draft, Read published | — |
| Component patterns | Read draft, Read published | — |
| Project map | Manage | — |
| Releases | Read, Create, Update, Delete, Launch | — |
| Components | Read | — |
| Content types | Read | — |
| Data sources | Read | — |
| Data types | Read | — |
| Manifest | Read draft, Read published, Publish | — |
| Tests | Read, Create, Update, Delete | — |
What this role cannot do:
- Cannot view or manage entries or assets (content lives in external systems)
- Cannot edit component definitions, content types, or data sources
- Cannot manage redirects or Context dimensions (signals, enrichments, quirks)
Model manager
Use this role for developers or experience architects who manage the experience model without editing content.
| Permission | Granted |
|---|---|
| Components | Read, Manage |
| Content types | Read, Manage |
| Data sources | Read, Manage |
| Data types | Read, Manage |
Release manager
Use this role for users who coordinate release workflows without editing content directly. Ideal for project managers or release coordinators.
| Permission | Granted |
|---|---|
| Releases | Read, Create, Update, Delete, Launch |
| Compositions | Read draft, Read published, Publish |
| Entries | Read draft, Read published, Publish |
| Component patterns | Read draft, Read published, Publish |
| Composition patterns | Read draft, Read published, Publish |
| Entry patterns | Read draft, Read published, Publish |
| Assets | Read |
| Components | Read |
| Content types | Read |
What this role cannot do:
- Cannot create, edit, or delete compositions, entries, or assets
- Cannot manage project map or redirects
Personalization specialist
Use this role for users who focus on personalization and testing without managing content structure. Ideal for marketing analysts or optimization specialists.
| Permission | Granted |
|---|---|
| Signals | Read, Create, Update, Delete |
| Intents & audiences | Read, Create, Update, Delete |
| Enrichments | Read, Create, Update, Delete |
| Quirks | Read, Create, Update, Delete |
| Tests | Read, Create, Update, Delete |
| Manifest | Read draft, Read published, Publish |
What this role cannot do:
- Cannot create, edit, or delete compositions or entries
- Cannot manage assets, project map, or redirects
- Cannot manage releases