Skip to main content

Permissions by role

Overview

Every Uwazi account holds one role that sets what the user can do.

Uwazi has three account roles, plus an anonymous public visitor:

  • Admin: full control of the instance, including settings, users, and all content.
  • Editor: manages all content and entities, but not settings or users.
  • Collaborator: works with entities they create or that others share with them, plus published ones.
  • Public visitor: anyone who isn't signed in; reads published content only.

Role summary

The table gives the scope of each role in one line.

RoleScope
AdminConfigures the instance and manages every user, content type, and entity.
EditorCreates and edits all content and entities, but no configuration or users.
CollaboratorCreates entities, works with entities shared with them, and reads published ones.
Public visitorReads published entities and public pages.

Permissions matrix

The tables below list each capability and the access per role. Yes means the role has access. No means Uwazi blocks it. Any other cell shows a short phrase, such as Shared only, that describes the role's limited access. A dash (—) means the capability doesn't apply.

Configuration

These capabilities live under Settings. Only admins reach them.

CapabilityAdminEditorCollaboratorPublic visitor
Edit collection settingsYesNoNoNo
Edit navigation menu and linksYesNoNoNo
Manage languages and translationsYesNoNoNo
Create, edit, and delete pagesYesNoNoNo
Edit global CSS and custom uploadsYesNoNoNo
View the activity logYesNoNoNo
View dashboard statisticsYesNoNoNo

Users and access

These capabilities live under Settings > Users & Groups.

CapabilityAdminEditorCollaboratorPublic visitor
Create, edit, and delete usersYesNoNoNo
View the user listYesNoNoNo
Unlock locked accountsYesNoNoNo
Create, edit, and delete user groupsYesNoNoNo
Edit own profile (Account)YesYesYesNo

Content types

These capabilities define the data model under Settings.

CapabilityAdminEditorCollaboratorPublic visitor
Create, edit, and delete templatesYesNoNoNo
Create, edit, and delete thesauriYesNoNoNo
Create, edit, and delete relationship typesYesNoNoNo

Content and entities

These capabilities cover creating, editing, and enriching entities.

CapabilityAdminEditorCollaboratorPublic visitor
Create entitiesYesYesYesNo
Edit entitiesYesYesShared onlyNo
Bulk edit entitiesYesYesShared onlyNo
Delete entitiesYesYesShared onlyNo
Bulk delete entitiesYesYesShared onlyNo
Import entities from CSVYesNoNoNo
Upload documents and attachmentsYesYesYesNo
Create a table of contentsYesYesYesNo
Create relationships between entitiesYesYesShared onlyNo
Create references from text snippetsYesYesNoNo
Run metadata extractionYesYesNoNo
Run paragraph extractionYesYesNoNo

For collaborators, Shared only means they need write access to the entity. Uwazi grants write access on every entity a collaborator creates, and on entities shared with them at the write level.

Bulk delete and bulk edit need write access to every selected entity. If a collaborator selects an entity they can't write, Uwazi hides the option.

Sharing and publishing

These capabilities control who sees an entity.

CapabilityAdminEditorCollaboratorPublic visitor
Share entities with users and groupsYesYesYesNo
Publish or unpublish entitiesYesYesNoNo

Collaborators open the Share dialog and grant access to users and groups. The public visibility option stays hidden from them, so they can't publish.

Public and read access

These capabilities need no sign-in.

CapabilityAdminEditorCollaboratorPublic visitor
Read published entities and pagesYesYesYesYes
View public settings (logo, languages, filters)YesYesYesYes

Global roles vs entity sharing

Two systems decide access together. The role gates whole features, such as settings and user management. Entity sharing controls access to single entities through the Share dialog.

The role sets how the two systems combine for entities.

RoleEntity access
AdminSees and edits every entity, regardless of sharing.
EditorSees and edits every entity, regardless of sharing.
CollaboratorSees published entities, entities they create, and entities shared with them or their groups. Editing needs write access.
Public visitorSees published entities only.

Three rules follow from this:

  • A collaborator who creates an entity gets write access to it.
  • A collaborator sees an empty library when they have no entities of their own, none shared with them, and no published content.
  • Only admins and editors can publish, which is what makes an entity visible to public visitors.
warning

On a public instance, every published entity is visible to anyone on the internet.

Defaults and special cases

The table lists role defaults and accounts that behave differently.

ItemBehaviour
New user roleThe Add user form defaults to Collaborator.
Role requirementEvery account needs a role; Uwazi accepts only Admin, Editor, or Collaborator.
Publishing rightsOnly admins and editors change an entity's published state.
System (Public) userA built-in account for public form submissions; no one can edit or delete it.
Private instanceWhen an instance is private, visitors who aren't signed in go to the sign-in page.
warning

Deleting a user or an entity is permanent. Uwazi has no undo for these actions.