Roles & Permissions

Give every person exactly the access they need

162 permissions, 70 roles, and 70 user groups — with staging and production access controlled separately. Enterprise-grade RBAC without enterprise seat pricing.

Four authorization layers

Permissions are enforced at the data layer, API layer, and UI layer — not just hidden menu items.

Platform admins

Global administrators with cross-org capabilities for platform operations.

Org administrators

Organization-scoped admins who manage teams, members, and org-level settings.

Team user groups

70 user groups with 70 roles — assign members to groups that grant exactly the access they need.

Always-allowed basics

Baseline permissions every authenticated user receives for essential navigation.

Environment-aware permissions

A contractor can publish to staging but never to production. Staging and production access are separately controlled on every resource type.

RuleCMS follows a View → Manage → Admin progression across every resource. Environment-based permission names ensure staging and production gates are independently enforced — at the API and in the UI.

Combined with unlimited team members, you can onboard everyone with precisely scoped access — no seat-fee tradeoffs.

Permission progression by resource

Team members

View → Manage → Admin

Projects & environments

View → Manage → Admin

Widgets & collections

View → Manage → Admin

API tokens

View → Manage → Admin

Component libraries

View → Manage → Admin

Media assets

View → Manage → Admin

Explore RuleCMS

Dive deeper into what makes RuleCMS different.

Enterprise control without enterprise pricing

162 permissions and 70 roles included — invite your whole organization.