Global Permission Mappings Config¶
The global permission mappings configuration file lets you configure the permissions to a role globally for the entire application
Permissions per project are managed within Crafter Studio’s UI. See Permission Mappings for more information on project permissions.
Here’s the default global permissions configuration.  It contains the permissions mappings for the roles defined in the global role mappings configuration file.  To access the file, using your favorite editor, navigate to CRAFTER_HOME/data/repos/global/configuration/ then open the file global-permission-mappings-config.xml.  Remember to restart CrafterCMS so your changes to the file will take effect.
 1<!--
 2  This file contains global permissions configuration for Crafter Studio. Permissions per project are managed
 3  within Crafter Studio's UI.
 4
 5  The structure of this file is:
 6  <permissions>
 7    <site id="###GLOBAL###"> (global management)
 8      <role name="">
 9        <rule regex="/.*">
10          <allowed-permissions>
11            <permission>Read</permission>
12            <permission>Write</permission>
13            <permission>Delete</permission>
14            <permission>Create Folder</permission>
15            <permission>Publish</permission>
16          </allowed-permissions>
17        </rule>
18      </role>
19    </site>
20  </permissions>
21
22  This binds a set of permissions to a role globally for the entire application.
23-->
24<permissions>
25  <role name="system_admin">
26    <rule regex="/.*">
27      <allowed-permissions>
28        <permission>content_read</permission>
29        <permission>content_write</permission>
30        <permission>folder_create</permission>
31        <permission>publish</permission>
32        <permission>create-site</permission>
33        <permission>read_groups</permission>
34        <permission>create_groups</permission>
35        <permission>update_groups</permission>
36        <permission>delete_groups</permission>
37        <permission>read_users</permission>
38        <permission>create_users</permission>
39        <permission>update_users</permission>
40        <permission>delete_users</permission>
41        <permission>read_cluster</permission>
42        <permission>create_cluster</permission>
43        <permission>update_cluster</permission>
44        <permission>delete_cluster</permission>
45        <permission>audit_log</permission>
46        <permission>read_logs</permission>
47        <permission>add_remote</permission>
48        <permission>list_remotes</permission>
49        <permission>pull_from_remote</permission>
50        <permission>push_to_remote</permission>
51        <permission>rebuild_database</permission>
52        <permission>remove_remote</permission>
53        <permission>S3 Read</permission>
54        <permission>S3 Write</permission>
55        <permission>content_delete</permission>
56        <permission>webdav_read</permission>
57        <permission>webdav_write</permission>
58        <permission>write_configuration</permission>
59        <permission>write_global_configuration</permission>
60        <permission>encryption_tool</permission>
61        <permission>get_children</permission>
62        <permission>edit_site</permission>
63        <permission>manage_access_token</permission>
64        <permission>list_plugins</permission>
65        <permission>install_plugins</permission>
66        <permission>remove_plugins</permission>
67        <permission>site_delete</permission>
68        <permission>unlock_repository</permission>
69        <permission>item_unlock</permission>
70        <permission>publish_status</permission>
71      </allowed-permissions>
72    </rule>
73  </role>
74</permissions>
Description¶
List of available permissions
| Permission | Description | 
|---|---|
| add_remote | User is permitted to add a remote repository | 
| audit_log | User is permitted to access the Audit from the Main Menu for viewing all the audit logs | 
| cancel_failed_pull | User is permitted to cancel a failed pull from a repository | 
| cancel_publish | User is permitted to cancel a publish request | 
| Change Content Type | User is permitted to change content type | 
| commit_resolution | User is permitted to commit resolution | 
| content_create | User is permitted to create new content | 
| content_delete | User is permitted to delete content | 
| content_read | User is permitted to read content | 
| content_write | User is permitted to user is permitted to edit content | 
| folder_create | User is permitted to create new folder | 
| create_cluster | User is permitted to access the Cluster from the Main Menu for managing clusters | 
| create_groups | User is permitted to access the Groups from the Main Menu for managing groups | 
| create_users | User is permitted to access the Users from the Main Menu for managing users | 
| create-site | User is permitted to access the Projects from the Main Menu for managing projects | 
| delete_cluster | User is permitted to delete a member of the cluster | 
| delete_groups | User is permitted to delete a group | 
| delete_users | User is permitted to delete a user | 
| edit_site | User is permitted to edit project | 
| encryption_tool | User is permitted to access the Encryption Tool from the Main Menu to encrypt a text value | 
| get_children | User is permitted to call getChildren* APIs for browsing project content | 
| get_publishing_queue | User is permitted to get the list of packages in the publishing queue | 
| install_plugins | User is permitted to install plugins | 
| item_unlock | User is permitted to unlock items | 
| list_remotes | User is permitted to list remote repositories for a project | 
| list_plugins | User is permitted to list plugins installed for a project | 
| manage_access_token | User is permitted access to manage (create,remove, etc.) access tokens | 
| publish | User is permitted to approve submitted content for publishing or publish content | 
| publish_status | User is permitted to see publishing status for project | 
| pull_from_remote | User is permitted to pull content from remote repository to project content repository | 
| push_to_remote | User is permitted to push content to remote repository from project content repository | 
| read_cluster | User is permitted to read all the members of the cluster | 
| read_groups | User is permitted to get all groups | 
| read_logs | User is permitted to access the Logging Levels and Log Console tools from the Main Menu | 
| read_users | User is permitted to get all users | 
| rebuild_database | User is permitted to rebuild Crafter Studio’s database and object state with the underlying repository | 
| remove_plugins | User is permitted to remove installed plugins | 
| remove_remote | User is permitted to remove remote repository from project content repository | 
| resolve_conflict | User is permitted to resolve a conflict for a file by accepting ours or theirs | 
| S3 Read | User is permitted to get a list of items from an S3 bucket | 
| S3 Write | User is permitted to upload a file to an S3 bucket | 
| site_delete | User is permitted to delete a project | 
| site_diff_conflicted_file | User is permitted to get the difference between  | 
| site_status | User is permitted to get status of repository for a project | 
| unlock_repository | User is permitted to unlock repository | 
| update_cluster | User is permitted to update the cluster | 
| update_groups | User is permitted to update groups | 
| update_users | User is permitted to update user | 
| webdav_read | User is permitted to get a list of items from a WebDAV server | 
| webdav_write | User is permitted to upload a file to a WebDAV server | 
| write_configuration | User is permitted to write configuration content for project | 
| write_global_configuration | User is permitted access to the Global Config tool from the Main Menu |