Graphene Permissions - EscherLabs/Graphene GitHub Wiki
Below are the various roles that a given user can have, and the permissions (actions) which they can perform as a result.
| Permission | Site Admin | Site Dev | App/Workflow Dev | Group Content Admin | Group App/Workflow Admin |
|---|---|---|---|---|---|
| Manage Sites | x***** | ||||
| Manage Site Admins | x | ||||
| Manage All Site Groups | x | ||||
| Manage All Site User Permissions | x | ||||
| Change Group Name / Slug | x | ||||
| Update Site Settings | x | ||||
| List All Apps/Workflows | x | x | |||
| Create / Delete Apps | x | x | |||
| Manage App Developers | x | x | x**** | ||
| View All Apps/Workflows | x | x | |||
| View Specific App/Workflow | x | x | x | ||
| Update Specific App/Workflow | x | ||||
| Publish Specific App/Workflow | x | ||||
| Manage Group Admins | x | x* | x* | ||
| Manage Group Members | x | x | x | ||
| Manage Group Composites | x | x** | x** | ||
| Manage Group Pages | x | x | |||
| Manage Group Links | x | x | |||
| Manage Group Images | x | x | |||
| Manage Group Tags | x | x | |||
| Manage Group Endpoints | x | x | |||
| Manage Workflow Developers | x | x | x**** | ||
| Update Group App Instances | x | x | |||
| Update Workflow Instances | x | x | |||
| Instantiate Group App Instance | x | x*** | x*** | ||
| Instantiate Workflow Instances | x | x*** | x*** | ||
| View Workflow Instance Submission | x | x | |||
| View Workflow Instance Reports | x | x | |||
| Access / Edit API Gateway APIs | x |
* Can only replicate their own permissions for new admins. (Content Admin cannot assign App Admin permissions to another user
** Can only create a composite group where the user is an admin of both the child and parent groups
*** Can only instantiate an app where user is an app/workflow developer and app/workflow admin of the specified group
**** Can only manage developers for apps that user is a developer of currently
***** Can only manage sites where user is a Site Admin of the MASTER_SITE (as defined in the .env configuration)
