Phonemos User Guide

Advanced permission management with customisable roles

plan business

Phonemos uses a sophisticated role-based access control (RBAC) system with fine-grained permissions. While the platform comes with predefined roles (see Permission management with predefined roles), we can create custom roles with any combination of permissions to match your organization's specific needs.

Permission System Overview

Key Features:

  • Permission Inheritance: Permissions flow down the object hierarchy (Site → Topic → Zone → Wikipage)

  • Fine-Grained Control: 38+ individual permission flags that can be combined into custom roles

  • User & Group Assignment: Assign roles to individual users or entire groups

  • Cached Access Rights: Permissions are materialized for performance, ensuring fast access checks

Available Permissions

Phonemos has 38+ individual permission flags organized into functional categories. Custom roles can combine any of these permissions:

Basic Content Operations

Permission

Description

view

View published content

edit

Edit content and create drafts

publish

Publish draft content

delete

Delete content (moves to trash)

restore_all

Restore any deleted content from trash

restore_own

Restore own deleted content from trash

create_child

Create new pages, files, or child objects

Metadata & Data Management

Permission

Description

metadata_view

View metadata fields and values

metadata_edit

Edit metadata values on objects

metadata_record_define

Define metadata record schemas

metadata_custom_fields

Create and manage custom metadata fields

global_data_domain_configure

Configure global data domains

Record Sets

Permission

Description

record_set_view

View record set data

record_set_edit

Edit record set data

record_set_configure

Configure record set schema and settings

Discussion & Comments

Permission

Description

discussion_view

View discussions and comments

discussion_create

Start new discussions

discussion_reply

Reply to existing discussions

Tasks

Permission

Description

task_view

View tasks

task_edit

Edit task properties and status

Export

Permission

Description

export_tree

Export content trees

export_custom

Perform custom exports

export_template_edit

Edit export templates

Permission Management

Permission

Description

permissions_view

View permission settings

permissions_edit

Modify permission settings and role assignments

Site Configuration

Permission

Description

language_config_edit

Configure site language settings

site_configure_theme

Configure site theme and branding

site_configure_navigation

Configure site navigation and menu structure

site_import

Import content into the site

site_topic_types

Manage topic types

Topic Configuration

Permission

Description

topic_configure

Configure topic settings

topic_publish

Publish topic-level content

topic_zone

Create and manage zones within topics

topic_external_data_source_configure

Configure external data source connections (e.g., Jira, YouTrack)

Common Custom Role Examples

Content Contributor (Draft Only)

Users can create and edit content but cannot publish:

  • view, edit, create_child, metadata_view, metadata_edit

  • Excludes: publish, delete

Content Publisher

Users can review drafts and publish content but don't create content themselves:

  • view, edit (for minor corrections), publish, delete

Metadata Manager

Users who manage data structures and metadata without editing content:

  • view, metadata_view, metadata_edit, metadata_custom_fields, metadata_record_define, global_data_domain_configure

Read-Only with Export

Users who can view and export content but not modify anything:

  • view, metadata_view, export_tree, export_custom

How to Request Custom Roles

Custom role configuration is typically done during the initial setup phase of your Phonemos instance. To configure custom roles for your organization:

  1. Identify your needs: Define the specific roles and their required permissions based on your organization's workflow

  2. Contact support

  3. Provide details: Describe each custom role you need, including:

    • Role name and description

    • Specific permissions needed

    • Whether it applies at site or topic level

    • Use case and workflow requirements

Note: While we currently lack a user interface for custom role creation, this is typically a one-time setup during implementation. Once configured, your custom roles work seamlessly alongside the predefined roles through the standard permission management interface.