One of DatoCMS strenghts is how you can give extremely granular permissions to every user you invite to a project. Just a week ago we released a much requested new feature to our roles system called creator-based permissions, which allow a whole new set of complex permission rules.
To explain what this new feature does and, more in general, how you can make the most out of DatoCMS roles, we’re going to run through a real-world example where setting proper permissions is vital for the project itself.
The most obvious example would be an editorial platform that creates a constant flow of new content, like an online newspaper.
The first instance of a role that you will run into when working with DatoCMS is of course yourself as the Admin.
- can perform any action on any record contained of the project,
- can publish the website on any environment (e.g. staging, production),
- can invite new users to the project, and
- has complete access to the project's settings.
This is the role that the project creator inherits automatically and in a small project, if you’re managing it by yourself, you won’t need to create more roles.
But we’re creating a platform for an online newspaper that will have many people involved with different responsibilities, so let’s see what our next steps are going to be.
Your client tells you that they need to create articles for the three main categories that they run daily: news, economics and sports.
First thing you’ll do is to setup the project's schema, creating a model for each one of these kind of articles and adding some the fields for these models:
Now that you have the basic structure for you project, you need to add roles for the people that will work on your platform.
The first role that you’re going to create is the Chief editor, which:
- must be able to edit/review any article,
- has the final say to publish them in production, and
- must be able to add new article writers.
Translating this to your DatoCMS project means:
- being able to perform any action on every record created by anyone on the platform
- publish the website in every environment available
- invite new users.
It's quite similar to the Admin role. What differs is the fact that he can't access or make changes to any of the projects settings, thus preventing him from inadvertently make some damage.
Now we need to manage freelance writers. We want them to be free to create new content for the newspaper section of their competence (e.g. sports) and preview it in the staging website, but not publishing the article on production. Only the chief editors can do that. We also do not want them to make changes to articles written by other writers.
This is the perfect example to illustrate the new creator-based permissions feature just added to our roles system.
To translate this requirement into DatoCMS language, we need to create a new role, the Sports freelance writer, that can perform every action only on the records of the Sports article model and, most importantly, created by the user itself. We also allow this role to publish only on the Staging environment.
We can create similar roles for the news and economics sections of the newspaper.
Another important figure for a newspaper might be someone that makes sure articles look great. We’ll call it the Art director. An art director must be able to review the quality of the images used inside any article and the way the text is presented.
In DatoCMS we'll set this role so that it is allowed to read and update every record available (regardless the model) but we’re not interested to make this role able to create any new record.
The art director, just like our freelance writers, will need to see what the article is going to look like, so we’ll set the publishing rule to staging again.
The last role you need for your newspaper is the Proof-reader. Let’s say the chief editor approved an article and published it, but a typo is still there. It's a proof-reader responsibility to find errors, correct them and publish the changes, even in production.
- there’s no need for this role to create new records (just like the art-director) but it will need to update any record available;
- the proof-reader will also need to publish on every environment, so we’ll set no limitations for the publishing rule;
As you’ve seen, DatoCMS permissions system is very flexible and can be adapted for any kind of project you might need. In just a few minutes we created a complex editorial workflow, suitable for most mid-sized online newspapers.
The new creator-based permissions allows even more specific and useful permissions, letting the admin (or in this case, the chief editor) to easily create new roles that will work on a specific part of the project.
Please, try out our roles in one of your projects or demos, and let us know how it went!