Permissions
Permissions are the individual abilities you tick when building a role — view entries, edit assets, manage users, and so on.
Permissions get bundled into Roles, which you assign to users or user groups. Developers registering new abilities in PHP should see Custom Permissions.
Overview#
A permission is a single capability, identified by a string handle (e.g. edit blog entries). You don't assign permissions directly to users — you add them to a role, then attach that role to users or groups.
Out of the box Statamic ships with the matrix below. Wildcard handles like {collection} or {site} expand once per matching item (one permission per collection, site, etc.).
Statamic's native permissions#
| Permission | Handle |
|---|---|
| Access the Control Panel | access cp |
| Configure Sites | configure sites |
| Configure Fields | configure fields |
| Configure Form Fields | configure form fields |
| Manage Preferences | manage preferences |
| Access site | access {site} site |
| Create, edit, and delete collections | configure collections |
| View entries | view {collection} entries |
| ↳ Edit entries | edit {collection} entries |
| ↳ Create entries | create {collection} entries |
| ↳ Delete entries | delete {collection} entries |
| ↳ Publish entries | publish {collection} entries |
| ↳ Reorder entries | reorder {collection} entries |
| ↳ Edit other author's entries | edit other authors {collection} entries |
| ↳ Publish other author's entries | publish other authors {collection} entries |
| ↳ Delete other author's entries | delete other authors {collection} entries |
| Create, edit, and delete navs | configure navs |
| ↳ View nav | view {nav} nav |
| ↳ Edit nav | edit {nav} nav |
| Create, edit and delete global sets | configure globals |
| Edit global variables | edit {global} globals |
| Create, edit and delete taxonomies | configure taxonomies |
| View terms | view {taxonomy} terms |
| ↳ Edit terms | edit {taxonomy} terms |
| ↳ Create terms | create {taxonomy} terms |
| ↳ Delete terms | delete {taxonomy} terms |
| Configure asset containers | configure asset containers |
| View asset container | view {container} assets |
| ↳ Upload assets | upload {container} assets |
| ↳ Edit folders | edit {container} folders |
| ↳ Edit assets | edit {container} assets |
| ↳ Move assets | move {container} assets |
| ↳ Rename assets | rename {container} assets |
| ↳ Delete assets | delete {container} assets |
| View users | view users |
| ↳ Edit users | edit users |
| ↳ Create users | create users |
| ↳ Delete users | delete users |
| ↳ Change passwords | change passwords |
| ↳ Assign user groups | assign user groups |
| ↳ Assign roles | assign roles |
| Edit user groups | edit user groups |
| Edit roles | edit roles |
| Impersonate users | impersonate users |
| View updates | view updates |
| Configure forms | configure forms |
| View form submissions | view {form} form submissions |
| ↳ Delete form submissions | delete {form} form submissions |
| Configure addons | configure addons |
| Edit addon settings | edit {addon} settings |
| Access utility | access {utility} utility |
| Resolve Duplicate IDs | resolve duplicate ids |
| View GraphQL | view graphql |
Need something that isn't in this list? Register a custom permission.
Author permissions#
Author permissions are a little bit special. They determine the control users can have over their own entries or those created by other authors.
This feature only has any effect if your entry blueprint has an author field. If you don't already have an author field, this functionality is not available.
Site permissions#
When using the multi-site feature, Statamic will check for appropriate site permissions in addition to whatever it's checking.
For example, when you try to edit a blog entry in the french site, Statamic will check if you have both the edit blog entries and access french site permissions.
Super users#
Super users bypass the permission matrix entirely. They aren't granted each permission — they skip the checks. Use them sparingly.