Roles & Permissions
Understand the built-in roles, create custom roles, and assign granular permissions to control what each role can access.
Roles bundle permissions together and are assigned to users. Contensio ships with three system roles and lets you create as many custom roles as you need.
System roles
| Role | Description |
|---|---|
| Super Admin | Unrestricted access to everything — cannot be edited or deleted. The first account created during installation is Super Admin. |
| Admin | Full content and user management, including publishing, deleting all content, managing media, taxonomies, menus, and SEO settings. Cannot install plugins/themes or manage system settings. |
| Editor | Creates content and uploads media. Can only edit and delete their own content — cannot touch other users' work or any configuration screens. |
System roles cannot be deleted. Super Admin cannot be edited (it always has every permission).
Creating a custom role
Go to Configuration → Roles and click New Role. Give it a name per language, then tick the permissions it should have.
Permissions reference
Permissions are grouped by module:
Content
| Permission | What it allows |
|---|---|
content.view |
View content lists and edit screens |
content.create |
Create new content items |
content.edit_own |
Edit content authored by this user |
content.edit_all |
Edit any content regardless of author |
content.publish |
Change status to Published |
content.delete_own |
Delete own content |
content.delete_all |
Delete any content |
content.manage_types |
Create, edit, delete content types and taxonomies |
fields.manage |
Create and edit custom field groups |
content.approve |
Access the review queue; approve or reject submitted content |
content.bypass_review |
Publish content directly, skipping the approval workflow |
Media
| Permission | What it allows |
|---|---|
media.upload |
Upload files to the media library |
media.view_all |
Browse all uploads (not just own) |
media.delete_own |
Delete files uploaded by this user |
media.delete_all |
Delete any file |
Other modules
| Permission | What it allows |
|---|---|
taxonomy.manage |
Manage terms (categories, tags, etc.) |
menu.manage |
Create and edit navigation menus |
seo.edit_content |
Edit per-content SEO fields |
seo.manage_settings |
Edit global SEO settings and redirects |
users.view |
View the users list |
users.create_editors |
Invite users with Editor-level roles |
users.create_admins |
Invite users with Admin-level roles |
users.manage_roles |
Create and edit custom roles |
users.delete |
Delete user accounts |
comments.manage |
Moderate comments |
system.plugins |
Install/uninstall plugins |
system.themes |
Install/switch themes |
system.settings |
Edit global site settings |
system.languages |
Add and manage languages |
Assigning a role to a user
When creating or editing a user, pick their role from the Role dropdown. A user can only hold one role at a time. To grant a single user extra access temporarily, either create a custom role or elevate them to a higher built-in role.
Per-content-type permissions
Custom content types automatically generate their own permission set ({type}.create, {type}.update, {type}.delete). You can assign these to a role from Configuration → Roles, giving fine-grained control such as "this role can manage Products but not Events."