Permissions control what actions your team members can perform within your Organization. The permissions of each team member are determined by which Permission Groups they belong to. For each Permission Group, you can configure a set of permissions and give those permissions to every Group member.
In CloudCannon, default and Custom Permission Groups are available depending on your pricing plan. You cannot configure the permissions for Default Permission Groups.
This article covers all permissions in CloudCannon. For more information about permission groups, please read our documentation on Permission Groups in general, Default Permission Groups, or Custom Permission Groups.
Each group has the following permissions available:
*
#Available scopes: Global
read
→ Enables all resources at read level.write
→ Enables all resources at write level.create
→ Enables all resources at create level.
base-domain
#Available scopes: Base Domain, Global
read
→ Enables all Base Domain resources at read level.write
→ Enables all Base Domain resources at write level.create
→ Allow users to create new Base Domains.
base-domain:details
#Available scopes: Base Domain, Global
read
→ Allow users to view the Base Domain details.
base-domain:settings
#Available scopes: Base Domain, Global
read
→ Enables all resources for Base Domain settings at read level.write
→ Enables all resources for Base Domain settings at write level.
base-domain:settings:details
#Available scopes: Base Domain, Global
read
→ Read informational settings for a domain.write
→ Access to update settings or migrate a domain.
base-domain:settings:dns
#Available scopes: Base Domain, Global
read
→ Access to read the DNS records attached to the base domainwrite
→ Access to update the DNS records attached to the base domain
base-domain:delete
#Available scopes: Base Domain, Global
write
→ Allow users to release a Base Domain once all Sites are disconnected.
site-branch
#Available scopes: Project, Site, Global
create
→ Allow users to create new Site branches.
site
#Available scopes: Project, Site, Global
read
→ Enables all Site resources at read level.write
→ Enables all Site resources at write level.create
→ Allow users to create new Sites.
site:details
#Available scopes: Project, Site, Global
read
→ Allow users to view the basic details about a Site.
site:activity
#Available scopes: Project, Site, Global
read
→ Allow users to view the history of activity for a Site.
site:file
#Available scopes: Project, Site, File, Global
read
→ Allow users to view the contents of a Site's files.write
→ Allow users to update a Site's files, including creating new files, deleting existing files, and editing file contents.
site:source-editor
#Available scopes: Project, Site, Global
read
→ Allow users to open files with the Source Editor.write
→ Allow users to edit files with the Source Editor.
site:build
#Available scopes: Project, Site, Global
read
→ Enables all resources for Site builds at read level.write
→ Enables all resources for Site builds at write level.
site:build:details
#Available scopes: Project, Site, Global
read
→ Allow users to view the build history for a Site.
site:build:log
#Available scopes: Project, Site, Global
read
→ Allow users to view the build logs for a Site.
site:build:trigger
#Available scopes: Project, Site, Global
write
→ Allow users to trigger a build for a Site.
site:sync
#Available scopes: Project, Site, Global
read
→ Enables all resources for Site syncs at read level.write
→ Enables all resources for Site syncs at write level.
site:sync:details
#Available scopes: Project, Site, Global
read
→ Access to see the sync status of a Site.
site:sync:log
#Available scopes: Project, Site, Global
read
→ Access to read sync logs for a Site.
site:sync:trigger
#Available scopes: Project, Site, Global
write
→ Access to trigger a sync with the Site's Git branch.
site:publish
#Available scopes: Project, Site, Global
read
→ Enables all resources for Site publishing at read level.write
→ Enables all resources for Site publishing at write level.
site:publish:merge
#Available scopes: Project, Site, Global
write
→ Allow users to immediately merge a Site without a Pull Request (GitHub only).
site:publish:pull-request
#Available scopes: Project, Site, Global
read
→ Enables all resources for Site Pull Requests at read level.write
→ Enables all resources for Site Pull Requests at write level.
site:publish:pull-request:open
#Available scopes: Project, Site, Global
read
→ Allow users to view pending Pull Requests for a Site.write
→ Allow users to open and close pending Pull Requests for a Site.
site:publish:pull-request:merge
#Available scopes: Project, Site, Global
write
→ Allow users to merge an open Pull Request for a Site.
site:publish:upstream
#Available scopes: Project, Site, Global
read
→ Allow users to view upstream changes available from a Site's Publish Branch.write
→ Allow users to merge upstream changes from a Site's Publish Branch into the current branch.
site:publish:delete
#Available scopes: Project, Site, Global
write
→ Allow users to delete a Site when the "Delete after publishing" option is enabled.
site:build-deploys
#Available scopes: Project, Site, Global
read
→ Enables all resources for Site build deploys at read level.write
→ Enables all resources for Site build deploys at write level.
site:build-deploys:details
#Available scopes: Project, Site, Global
read
→ Allow users to view the status of a build deployment for a Site.
site:build-deploys:log
#Available scopes: Project, Site, Global
read
→ Allow users to view the build deploy logs for a Site.
site:build-deploys:trigger
#Available scopes: Project, Site, Global
write
→ Allow users to trigger a build deploy for a Site.
site:analytics
#Available scopes: Project, Site, Global
read
→ Enables all resources for Site analytics at read level.
site:analytics:hosting
#Available scopes: Project, Site, Global
read
→ Allow users to view the bandwidth usage analytics for a Site.
site:analytics:build
#Available scopes: Project, Site, Global
read
→ Allow users to view the build time analytics for a Site.
site:backups
#Available scopes: Project, Site, Global
read
→ Allow users to download any archived backups of a Site.write
→ Allow users to create a downloadable backup for a Site.
site:dam
#Available scopes: Project, Site, Global
read
→ Allow users to view the files within DAMs connected to a Site.write
→ Allow users to upload files to DAMs connected to a Site.
site:inbox
#Available scopes: Project, Site, Global
read
→ Allow users to view form submissions for a Site.write
→ Allow users to resend and delete form submissions for a Site.
site:settings
#Available scopes: Project, Site, Global
read
→ Enables all resources for Site settings at read level.write
→ Enables all resources for Site settings at write level.
site:settings:details
#Available scopes: Project, Site, Global
read
→ Allow users to view the name, editing, and flag settings for a Site.write
→ Allow users to update the name, editing, and flag settings for a Site.
site:settings:git
#Available scopes: Project, Site, Global
read
→ Allow users to view the source syncing, publishing, and build deploy settings for a Site.write
→ Allow users to update the source syncing, publishing, and build deploy settings for a Site. Connecting a new Site requires the resource org:settings:git:write.
site:settings:build
#Available scopes: Project, Site, Global
read
→ Allow users to view the build settings for a Site.write
→ Allow users to update the build settings for a Site.
site:settings:schedule
#Available scopes: Project, Site, Global
read
→ Allow users to view the schedule settings for a Site.write
→ Allow users to update the schedule settings for a Site.
site:settings:site-mounting
#Available scopes: Project, Site, Global
read
→ Allow users to view Site Mounting settings for a Site.write
→ Allow users to update Site Mounting settings for a Site.
site:settings:dam
#Available scopes: Project, Site, Global
read
→ Allow users to view the DAMs connected to a Site.write
→ Allow users to manage the DAMs connected to a Site. To connect a new DAM also requires the resource org:settings:dam:read.
site:settings:hosting
#Available scopes: Project, Site, Global
read
→ Allow users to view domain and routing settings for a Site.write
→ Allow users to update domain and routing settings for a Site.
site:settings:form
#Available scopes: Project, Site, Global
read
→ Allow users to view form settings for a Site.write
→ Allow users to update form settings for a Site. Connecting a new inbox requires the resource org:settings:inbox:read.
site:settings:authentication
#Available scopes: Project, Site, Global
read
→ Enables all resources for Site authentication at read level.write
→ Enables all resources for Site authentication at write level.
site:settings:authentication:details
#Available scopes: Project, Site, Global
read
→ Allow users to view the authentication details for a Site.write
→ Allow users to update the authentication details for a Site, including adding or removing an authentication method.
site:settings:authentication:password
#Available scopes: Project, Site, Global
read
→ Allow users to view the password authentication details for a Site.write
→ Access to update password authentication details for a Site.
site:settings:authentication:user
#Available scopes: Project, Site, Global
read
→ Access to read user authentication details for a Site.write
→ Access to update user authentication details for a Site.
site:settings:authentication:saml
#Available scopes: Project, Site, Global
read
→ Access to read SAML authentication details for a Site.write
→ Access to update SAML authentication details for a Site.
site:settings:authentication:bearer-token
#Available scopes: Project, Site, Global
read
→ Allow users to view the Bearer Token settings for a Site.write
→ Allow users to update the Bearer Token settings for a Site, including creating new tokens or deleting existing ones.
site:settings:site-sharing
#Available scopes: Project, Site, Global
read
→ Allow users to view Site Sharing settings for a Site.write
→ Allow users to update Site Sharing settings for a Site, including adding or removing team members, and updating their Permission Group.
site:settings:client-sharing
#Available scopes: Project, Site, Global
read
→ Allow users to view the Client Sharing settings for a Site.write
→ Allow users to update the Client Sharing settings for a Site.
site:delete
#Available scopes: Project, Site, Global
write
→ Allow users to delete a Site.
group
#Available scopes: Group, Global
read
→ Enables all Group resources at read level.write
→ Enables all Group resources at write level.create
→ Allow users to create new Groups.
group:details
#Available scopes: Group, Global
read
→ Allow users to view a Permission Group and read the details. All users implicitly have this resource for the Permission Groups they are a member of.
group:settings
#Available scopes: Group, Global
read
→ Allow users to view the settings for a Permission Group.write
→ Allow users to update the settings for a Permission Group.
group:member
#Available scopes: Group, Global
read
→ Allow users to view current and pending members of a Permission Group. All users implicitly have this resource for the Permission Groups they are a member of, excluding pending members.write
→ Allow users to add and remove members from a Permission Group.
group:delete
#Available scopes: Group, Global
write
→ Allow users to delete a Permission Group.
project
#Available scopes: Project, Global
read
→ Enables all Project resources at read level.write
→ Enables all Project resources at write level.create
→ Allow users to create new Projects.
project:details
#Available scopes: Project, Global
read
→ Allow users to view a Project, including the details and publishing diagram.
project:settings
#Available scopes: Project, Global
read
→ Enables all resources for Project settings at read level.write
→ Enables all resources for Project settings at write level.
project:settings:details
#Available scopes: Project, Global
read
→ Allow users to view the details of the settings for a Project.write
→ Allow users to update the details of the settings for a Project.
project:settings:git
#Available scopes: Project, Global
read
→ Allow users to view the repository settings for a Project.write
→ Allow users to update the repository settings for a Project.
project:delete
#Available scopes: Project, Global
write
→ Allow users to delete a Project.
org
#Available scopes: Global
read
→ Enables all Organization resources at read level.write
→ Enables all Organization resources at write level.
org:details
#Available scopes: Global
read
→ Allow users to view the Organization Home page, logos, and edit history.
org:settings
#Available scopes: Global
read
→ Enables all resources for Organization settings at read level.write
→ Enables all resources for Organization settings at write level.
org:settings:details
#Available scopes: Global
read
→ Allow users to view the settings for an Organization's name and branding.write
→ Allow users to update the settings for an Organization's name and branding.
org:settings:dam
#Available scopes: Global
read
→ Allow users to view DAMs connected to this Organization and open the DAM file browser.write
→ Allow users to update DAM settings for your Organization, including connecting new DAMs and removing existing ones.
org:settings:inbox
#Available scopes: Global
read
→ Allow users to view form submissions and inboxes.write
→ Allow users to create new inboxes, update inbox settings, and view the Sites connected to each inbox.
org:settings:certificate
#Available scopes: Global
read
→ Allow users to view SSL certificates.write
→ Allow users to add and remove SSL certificates.
org:settings:git
#Available scopes: Global
read
→ Enables all resources for Organization Git settings at read level.write
→ Enables all resources for Organization Git settings at write level.
org:settings:git:provider
#Available scopes: Global
read
→ Allow users to view information about connected Git providers.write
→ Allow users to manage connected Git providers.
org:settings:git:repository
#Available scopes: Global
read
→ Allow users to view the repositories available from your Git provider. This resource is required to set up new Projects and Sites connected to a Git repository.
org:settings:git:branch
#Available scopes: Global
read
→ Allow users to view the branches in a connected Git repository. This resource is required to create a new branch from a Site.write
→ Allow users to connect a Site to any Git branch on a connected Git repository.
org:billing
#Available scopes: Global
read
→ Allow users to view Billing details, including bandwidth, build time usage, subscription details, payment methods, and invoices.write
→ Allow users to update Billing details, including bandwidth, build time usage, subscription details, payment methods, and invoices.
org:transfer
#Available scopes: Global
read
→ Allow users to view incoming and outgoing transfer requests for Sites and linked items.write
→ Allow users to accept or decline incoming transfer requests and create or cancel outgoing transfer requests.