Update a role
Updates an existing role. Any attribute or relationship omitted from the payload is left unchanged.
The full positive_* / negative_* permission arrays are replaced wholesale when sent — there is no "patch a single permission entry" operation on this endpoint. Read the role first and forward the entries you don't want to change, or use the SDK helper described below.
Safer permission edits with updateCurrentEnvironmentPermissions
For records and uploads in the current environment, the SDK ships a higher-level helper:
```typescript
client.roles.updateCurrentEnvironmentPermissions(roleId, {
  positive_item_type_permissions: { add: [...], remove: [...] },
  negative_item_type_permissions: { add: [...], remove: [...] },
  positive_upload_permissions: { add: [...], remove: [...] },
  negative_upload_permissions: { add: [...], remove: [...] },
});
```

It reads the role, applies the diff against the entries scoped to the current environment, and forwards the merged arrays, so individual entries can be added or removed without rewriting the surrounding state. Build trigger and search index permissions, and entries scoped to other environments, still need a direct client.roles.update(...) call.
Subtract a single action from a role that already grants action: "all". The fix is to append a negative_item_type_permissions entry naming the action to take away — the existing positive all entry stays, and the formula (positive_*) − negative_* resolves to "everything but delete".
```typescript
import { buildClient } from "@datocms/cma-client-node";

async function run() {
  const client = buildClient({ apiToken: process.env.DATOCMS_API_TOKEN });

  // Look up the existing "Power editor" role to patch.
  const allRoles = await client.roles.list();
  const role = allRoles.find((candidate) => candidate.name === "Power editor")!;

  // Append a negative entry forbidding `delete` to the current environment.
  const updated = await client.roles.updateCurrentEnvironmentPermissions(
    role.id,
    {
      negative_item_type_permissions: {
        add: [
          {
            action: "delete",
            on_creator: "anyone",
          },
        ],
      },
    },
  );

  console.log("Updated role:", updated.id, "—", updated.name);
  console.log(
    "Negative permissions now:",
    JSON.stringify(updated.negative_item_type_permissions, null, 2),
  );
}

run();
```

```
Updated role: 443075 — Power editor
Negative permissions now: [
  {
    "environment": "main",
    "item_type": null,
    "workflow": null,
    "on_stage": null,
    "to_stage": null,
    "action": "delete",
    "on_creator": "anyone",
    "localization_scope": null,
    "locale": null
  }
]
```

Effects on bound credentials
Changes take effect immediately for every credential bound to this role: collaborators, SSO users, and API tokens will see new requests evaluated against the updated meta.final_permissions on their next call.
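A pre-flight check for the direct client.roles.update(...) path, added here as an example and not part of the DatoCMS SDK or its documentation: because any permission array sent replaces the stored one and the change applies immediately, it diffs the role as read against the proposed payload and flags every change that widens access, such as a negative entry dropped by omission. The function names, the "staging" environment and the sample entries are constructed for illustration.

```typescript
// Added example (not DatoCMS code). All sample data below is constructed.

type Entry = Record<string, string | null | undefined>;
type PermissionArrays = Record<string, Entry[] | undefined>;

interface Finding {
  array: string;
  change: "dropped" | "added";
  entry: Entry;
  widensAccess: boolean;
}

// Matches the positive_* / negative_* permission arrays of a role.
const PERMISSION_ARRAY = /^(positive|negative)_\w+_permissions$/;

// Stable identity for an entry. The API returns every field (null when unset)
// while hand-written payloads omit them, so null/undefined fields are ignored.
function entryKey(entry: Entry): string {
  const kept = Object.keys(entry)
    .filter((k) => entry[k] !== null && entry[k] !== undefined)
    .sort()
    .map((k) => [k, entry[k]]);
  return JSON.stringify(kept);
}

// Build the full array to send: forward existing entries, drop `remove`, append `add`.
function mergeEntries(current: Entry[], add: Entry[] = [], remove: Entry[] = []): Entry[] {
  const removed = new Set(remove.map(entryKey));
  const merged = current.filter((e) => !removed.has(entryKey(e)));
  const seen = new Set(merged.map(entryKey));
  for (const e of add) {
    if (!seen.has(entryKey(e))) {
      merged.push(e);
      seen.add(entryKey(e));
    }
  }
  return merged;
}

// Diff the role as read against the payload about to be sent.
// Arrays omitted from the payload are left unchanged by the endpoint, so they are skipped.
function planRoleUpdate(current: PermissionArrays, payload: PermissionArrays): Finding[] {
  const findings: Finding[] = [];
  for (const array of Object.keys(payload)) {
    const next = payload[array];
    if (!PERMISSION_ARRAY.test(array) || next === undefined) continue;
    const negative = array.startsWith("negative_");
    const before = current[array] ?? [];
    const beforeKeys = new Set(before.map(entryKey));
    const nextKeys = new Set(next.map(entryKey));
    for (const entry of before) {
      // Losing a negative entry widens access; losing a positive one narrows it.
      if (!nextKeys.has(entryKey(entry))) {
        findings.push({ array, change: "dropped", entry, widensAccess: negative });
      }
    }
    for (const entry of next) {
      // Gaining a positive entry widens access; gaining a negative one narrows it.
      if (!beforeKeys.has(entryKey(entry))) {
        findings.push({ array, change: "added", entry, widensAccess: !negative });
      }
    }
  }
  return findings;
}

// Constructed role state: "all" granted in main, with `delete` subtracted.
const currentRole: PermissionArrays = {
  positive_item_type_permissions: [
    { environment: "main", action: "all", on_creator: "anyone", localization_scope: "all" },
  ],
  negative_item_type_permissions: [
    {
      environment: "main", item_type: null, workflow: null, on_stage: null, to_stage: null,
      action: "delete", on_creator: "anyone", localization_scope: null, locale: null,
    },
  ],
};

// Goal: also forbid `delete` in a sandbox named "staging" (constructed name).
const sandboxDeny: Entry = { environment: "staging", action: "delete", on_creator: "anyone" };

// Naive payload: sends only the new entry, which would erase the "main" deny.
const naivePayload: PermissionArrays = { negative_item_type_permissions: [sandboxDeny] };

// Safe payload: forwards the existing entries and appends the new one.
const mergedNegative = mergeEntries(currentRole["negative_item_type_permissions"] ?? [], [sandboxDeny]);
const mergedPayload: PermissionArrays = { negative_item_type_permissions: mergedNegative };

for (const [label, payload] of [["naive", naivePayload], ["merged", mergedPayload]] as const) {
  const widening = planRoleUpdate(currentRole, payload).filter((f) => f.widensAccess);
  console.log(label, widening.length === 0 ? "ok to send" : "BLOCK: widens access", widening);
}
```

Run planRoleUpdate on the role returned by the API just before sending, and require explicit approval for any finding with widensAccess set.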
Body parameters
The name of the role
"Editor"
Can edit favicon, global SEO settings and no-index policy
Can change project-wide settings (project name, internal subdomain, frontend preview URL, deployment settings)
Can create and edit the project schema: models, block models, fields, fieldsets, validators, and plugins
Can customize content navigation bar
Can edit per-environment settings of the environments this role has access to: locales, timezone, and UI theme. This is not about creating or switching environments — see can_manage_environments for that, and environments_access for which environments this role can enter at all.
Can promote a sandbox environment to primary (atomic swap) and toggle the project's maintenance mode. Distinct from can_manage_environments, which covers creating/forking/deleting sandboxes.
Specifies the environments the user can access
"primary_only"
Grants access to all environments
Grants access exclusively to the primary environment
Grants access exclusively to sandbox environments
No access to any environment. This value is typically used when the role is intended to inherit access settings from other roles
Can create and edit roles and invite/remove collaborators
Can create and edit shared filters (both for models and the media area)
Can create and edit search indexes
Can create and edit upload collections
Can create and edit build triggers
Can create and edit webhooks
Can create, fork, and delete sandbox environments. Promotion to primary is gated separately by can_promote_environments.
Can manage Single Sign-On settings
Can access Audit Log
Can create and edit workflows
Can manage API tokens
Can perform Site Search API calls
Can access the build events log
Can access the search index events log
Allowed actions on a model (or all) for a role.
The shape of each entry depends on the action (discriminated union). Idiomatic recipes:
- To grant every action, use a single action: "all" entry with localization_scope: "all".
- To grant a subset (e.g. create+read+update but not delete), prefer a single action: "all" entry plus negative_item_type_permissions entries for the actions to exclude — instead of listing each allowed action separately.
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
For action: "all" this must be "all".
"all"
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Restrict to moves towards a specific workflow stage.
Permitted action
"read"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Permitted action
"create"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"update"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"duplicate"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Permitted action
"delete"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Permitted action
"move_to_stage"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Restrict to moves towards a specific workflow stage.
Prohibited actions on a model (or all) for a role. Negative permissions take precedence and are typically paired with a broader positive action: "all" entry to subtract specific actions (e.g. forbid delete).
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
For action: "all" this must be "all".
"all"
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Restrict to moves towards a specific workflow stage.
Permitted action
"read"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Permitted action
"create"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"update"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"duplicate"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Permitted action
"delete"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Permitted action
"move_to_stage"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Restrict to moves towards a specific workflow stage.
Allowed actions on uploads (or all) for a role.
The shape of each entry depends on the action (discriminated union). To grant a subset, prefer a single action: "all" entry plus negative_upload_permissions entries for the actions to exclude.
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
For action: "all" this must be "all".
"all"
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"update"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Localized content in a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"create"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"read"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"move"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Restricts the destination upload collection of the move action. When null, any destination is allowed.
Prohibited actions on uploads (or all) for a role. Negative permissions take precedence and are typically paired with a broader positive action: "all" entry to subtract specific actions.
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
For action: "all" this must be "all".
"all"
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"update"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Localized content in a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"create"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"read"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"move"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Restricts the destination upload collection of the move action. When null, any destination is allowed.
Build triggers this role is allowed to manually fire. An entry with build_trigger: null covers every build trigger. Note: this does not control creating/editing build triggers themselves — that is gated by can_manage_build_triggers.
Build triggers this role is forbidden from manually firing. Negative entries take precedence over positive ones; pair with a build_trigger: null positive entry to allow all-but-N.
Search indexes this role is allowed to manually re-index. An entry with search_index: null covers every search index. Note: this does not control creating/editing search indexes themselves — that is gated by can_manage_search_indexes.
Search indexes this role is forbidden from manually re-indexing. Negative entries take precedence over positive ones; pair with a search_index: null positive entry to allow all-but-N.
The final set of permissions considering also inherited roles
Can change project-wide settings (project name, internal subdomain, frontend preview URL, deployment settings)
Can edit favicon, global SEO settings and no-index policy
Can create and edit the project schema: models, block models, fields, fieldsets, validators, and plugins
Can customize content navigation bar
Can create and edit roles and invite/remove collaborators
Can create, fork, and delete sandbox environments. Promotion to primary is gated separately by can_promote_environments.
Can create and edit webhooks
Specifies the environments the user can access
"primary_only"
Grants access to all environments
Grants access exclusively to the primary environment
Grants access exclusively to sandbox environments
No access to any environment. This value is typically used when the role is intended to inherit access settings from other roles
Can manage Single Sign-On settings
Can access Audit Log
Can create and edit workflows
Can edit per-environment settings of the environments this role has access to: locales, timezone, and UI theme. This is not about creating or switching environments — see can_manage_environments for that, and environments_access for which environments this role can enter at all.
Can promote a sandbox environment to primary (atomic swap) and toggle the project's maintenance mode. Distinct from can_manage_environments, which covers creating/forking/deleting sandboxes.
Can create and edit shared filters (both for models and the media area)
Can create and edit search indexes
Can create and edit build triggers
Can create and edit upload collections
Can manage API tokens
Can perform Site Search API calls
Can access the build events log
Can access the search index events log
Allowed actions on a model (or all) for a role.
The shape of each entry depends on the action (discriminated union). Idiomatic recipes:
- To grant every action, use a single action: "all" entry with localization_scope: "all".
- To grant a subset (e.g. create+read+update but not delete), prefer a single action: "all" entry plus negative_item_type_permissions entries for the actions to exclude — instead of listing each allowed action separately.
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
For action: "all" this must be "all".
"all"
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Restrict to moves towards a specific workflow stage.
Permitted action
"read"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Permitted action
"create"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"update"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"duplicate"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Permitted action
"delete"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Permitted action
"move_to_stage"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Restrict to moves towards a specific workflow stage.
Prohibited actions on a model (or all) for a role. Negative permissions take precedence and are typically paired with a broader positive action: "all" entry to subtract specific actions (e.g. forbid delete).
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
For action: "all" this must be "all".
"all"
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Restrict to moves towards a specific workflow stage.
Permitted action
"read"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Permitted action
"create"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"update"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Content under a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"duplicate"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Permitted action
"delete"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Permitted action
"move_to_stage"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific model. When null, the permission applies to all models.
Restricts the permission to records associated with a specific workflow. Mutually exclusive with item_type.
Restrict to records currently on a workflow stage.
Restrict to moves towards a specific workflow stage.
Allowed actions on uploads (or all) for a role.
The shape of each entry depends on the action (discriminated union). To grant a subset, prefer a single action: "all" entry plus negative_upload_permissions entries for the actions to exclude.
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
For action: "all" this must be "all".
"all"
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"update"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Localized content in a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"create"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"read"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"move"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Restricts the destination upload collection of the move action. When null, any destination is allowed.
Prohibited actions on uploads (or all) for a role. Negative permissions take precedence and are typically paired with a broader positive action: "all" entry to subtract specific actions.
Permitted action
"all"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
For action: "all" this must be "all".
"all"
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"update"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Permitted content scope
"all"
Any content (localized/unlocalized)
Localized content in a specific locale (locale must be defined)
Non-localized content
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Required (non-null) when localization_scope is "localized"; must be omitted otherwise.
"en"
Permitted action
"create"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"read"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Permitted action
"move"
ID of environment. Can only contain lowercase letters, numbers and dashes
"main"
Permitted creator
"anyone"
Created by anyone
Created by the user itself
Created by a user with the same role
Restricts the permission to a specific upload collection. When null, the permission applies to all collections.
Restricts the destination upload collection of the move action. When null, any destination is allowed.
Build triggers this role is allowed to manually fire. An entry with build_trigger: null covers every build trigger. Note: this does not control creating/editing build triggers themselves — that is gated by can_manage_build_triggers.
Build triggers this role is forbidden from manually firing. Negative entries take precedence over positive ones; pair with a build_trigger: null positive entry to allow all-but-N.
Search indexes this role is allowed to manually re-index. An entry with search_index: null covers every search index. Note: this does not control creating/editing search indexes themselves — that is gated by can_manage_search_indexes.
Search indexes this role is forbidden from manually re-indexing. Negative entries take precedence over positive ones; pair with a search_index: null positive entry to allow all-but-N.
The roles from which this role inherits permissions
Returns
Returns a resource object of type role