plan business
Phonemos uses a sophisticated role-based access control (RBAC) system with fine-grained permissions. While the platform comes with predefined roles (see Permission management with predefined roles), we can create custom roles with any combination of permissions to match your organization's specific needs.
Permission System Overview
Key Features:
Permission Inheritance: Permissions flow down the object hierarchy (Site → Topic → Zone → Wikipage)
Fine-Grained Control: 38+ individual permission flags that can be combined into custom roles
User & Group Assignment: Assign roles to individual users or entire groups
Cached Access Rights: Permissions are materialized for performance, ensuring fast access checks
Available Permissions
Phonemos has 38+ individual permission flags organized into functional categories. Custom roles can combine any of these permissions:
Basic Content Operations
Permission | Description |
|---|---|
view | View published content |
edit | Edit content and create drafts |
publish | Publish draft content |
delete | Delete content (moves to trash) |
restore_all | Restore any deleted content from trash |
restore_own | Restore own deleted content from trash |
create_child | Create new pages, files, or child objects |
Metadata & Data Management
Permission | Description |
|---|---|
metadata_view | View metadata fields and values |
metadata_edit | Edit metadata values on objects |
metadata_record_define | Define metadata record schemas |
metadata_custom_fields | Create and manage custom metadata fields |
global_data_domain_configure | Configure global data domains |
Record Sets
Permission | Description |
|---|---|
record_set_view | View record set data |
record_set_edit | Edit record set data |
record_set_configure | Configure record set schema and settings |
Discussion & Comments
Permission | Description |
|---|---|
discussion_view | View discussions and comments |
discussion_create | Start new discussions |
discussion_reply | Reply to existing discussions |
Tasks
Permission | Description |
|---|---|
task_view | View tasks |
task_edit | Edit task properties and status |
Export
Permission | Description |
|---|---|
export_tree | Export content trees |
export_custom | Perform custom exports |
export_template_edit | Edit export templates |
Permission Management
Permission | Description |
|---|---|
permissions_view | View permission settings |
permissions_edit | Modify permission settings and role assignments |
Site Configuration
Permission | Description |
|---|---|
language_config_edit | Configure site language settings |
site_configure_theme | Configure site theme and branding |
site_configure_navigation | Configure site navigation and menu structure |
site_import | Import content into the site |
site_topic_types | Manage topic types |
Topic Configuration
Permission | Description |
|---|---|
topic_configure | Configure topic settings |
topic_publish | Publish topic-level content |
topic_zone | Create and manage zones within topics |
topic_external_data_source_configure | Configure external data source connections (e.g., Jira, YouTrack) |
Common Custom Role Examples
Content Contributor (Draft Only)
Users can create and edit content but cannot publish:
view, edit, create_child, metadata_view, metadata_edit
Excludes: publish, delete
Content Publisher
Users can review drafts and publish content but don't create content themselves:
view, edit (for minor corrections), publish, delete
Metadata Manager
Users who manage data structures and metadata without editing content:
view, metadata_view, metadata_edit, metadata_custom_fields, metadata_record_define, global_data_domain_configure
Read-Only with Export
Users who can view and export content but not modify anything:
view, metadata_view, export_tree, export_custom
How to Request Custom Roles
Custom role configuration is typically done during the initial setup phase of your Phonemos instance. To configure custom roles for your organization:
Identify your needs: Define the specific roles and their required permissions based on your organization's workflow
Contact support
Provide details: Describe each custom role you need, including:
Role name and description
Specific permissions needed
Whether it applies at site or topic level
Use case and workflow requirements
Note: While we currently lack a user interface for custom role creation, this is typically a one-time setup during implementation. Once configured, your custom roles work seamlessly alongside the predefined roles through the standard permission management interface.