The DatoCMS Blog

New feature: Media Area granular permissions

Posted on November 2nd, 2020 by Stefano Verna

As the number of collaborators grows, the need to be able to control and regulate who can do what within a DatoCMS project becomes increasingly evident.

For years, DatoCMS has had one of the most advanced granular roles and permissions systems in the CMS market, allowing you to specify different allow/block rules for each individual model in the project.

Starting today, it is possible to control, with the same level of detail, who can do what in the Media Area.

As you can see from the screenshot, each role can specify different permissions for each action (read, modify, delete). It is possible to allow operations on all assets, only for assets created by the user, or only for assets created by users who share the same role as the user in question:

The renewed Roles interface allows you to specify granular permissions on the assets present in the Media Area

Of course, to allow for this kind of granularity now the assets bring with them additional information, that is the creator.

Just like with records, the creator represents the person who created it in the first place, and the ability to change the creator of an asset is one of the permissions you can set to your project's roles:

Considering that in DatoCMS not only users but also API tokens are associated with a role, the same level of granularity in reading/modifying data can also be obtained for programmatic accesses through both the Content Management API and the Content Delivery API in GraphQL.

An ever safer editing experience

We're excited to bring you this new functionality. From now on, giving access to customers or collaborators will be even more secure and controlled, and this hopefully will lead more people on the team to collaborate on the content simultaneously, without surprises.

As always, do not hesitate to speak to the Community for more information or if you discover something that doesn't work as you expect!