Roles & Permissions
- How to use roles
- What about the admin role?
- The basic features
- How to manage permissions for collections and singletons?
- Addon permissions
- Further reading
Cockpit's user system is basically role based. Each user is assigned to a role, that defines the user's permissions. A role has the following properties
- id: the identifier of the role
- name: the name of the role - displayed i.e. when managing users
- info: further information for describing the role's purpose, usage, ...
How to use roles
Whenever you want to provide access to your Cockpit installation, you are likely going to create a user. If the user needs a special subset of permissions i.e. restricted to a certain collection and / or managing pages, this can be achieved by creating a new role. After the role was successfully created and configured it can be assigned to any number of existing or future users.
What about the admin role?
On a fresh installation of Cockpit one might wonder why there are not any roles listed in /system/users/roles.
The Admin role, which is assigned to the automatically created first user, does not show up in the list because it grants all permissions by default and this behaviour can not be changed. Whenever you want to create a special kind of admin role just make sure to create a new one with a new unique name i.e. Custom Admin, Manager, ...
The basic features
In any case Cockpit provides options for giving permission to core features:
- Api & security
- Manage users
- Manage roles
How to manage permissions for collections and singletons?
As described in the basic features there's permissions for Content available. In contrast to other permissions the Content permission provides the possibility to set detailed permission based on concrete collections or singletons you created.
This allows you to give one role the permission to edit and view a collection i.e. Collection A whereas another role has access to read i.e. Collection B only.
In addition to permissions for Cockpit's core features there exist permissions to addons also. Note, that permissions for addons are displayed only if any addons were installed.